Vulnerabilities > Oracle > JD Edwards Enterpriseone Tools
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-04 | CVE-2017-3730 | NULL Pointer Dereference vulnerability in multiple products In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. | 5.0 |
| 2017-04-24 | CVE-2017-3517 | Remote Security vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). | 6.4 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
| 2015-07-09 | CVE-2015-1793 | 7PK - Security Features vulnerability in multiple products The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. | 6.5 |
| 2015-01-21 | CVE-2014-6565 | Remote Security vulnerability in Oracle JD Edwards Enterpriseone Tools 9.1.5 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC. | 7.5 |
| 2012-01-18 | CVE-2011-3524 | Information Disclosure vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509. | 4.0 |
| 2012-01-18 | CVE-2011-3514 | Remote Security Bypass vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET). | 4.0 |
| 2012-01-18 | CVE-2011-3509 | Remote File Disclosure vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524. | 4.0 |
| 2012-01-18 | CVE-2011-2326 | Information Disclosure vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-3509, and CVE-2011-3524. | 4.0 |
| 2012-01-18 | CVE-2011-2325 | Password Disclosure Security vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2326, CVE-2011-3509, and CVE-2011-3524. | 4.0 |