Vulnerabilities > Oracle > Primavera Gateway

DATE CVE VULNERABILITY TITLE RISK
2018-04-11 CVE-2018-1275 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle
critical
9.8
2018-04-06 CVE-2018-1272 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests.
network
high complexity
vmware oracle
7.5
2018-04-06 CVE-2018-1271 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g.
network
high complexity
vmware oracle
5.9
2018-04-06 CVE-2018-1270 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle redhat debian
critical
9.8
2018-01-18 CVE-2015-9251 Cross-site Scripting vulnerability in multiple products
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
network
low complexity
jquery oracle CWE-79
6.1
2017-04-24 CVE-2017-3508 Unspecified vulnerability in Oracle Primavera Gateway
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration).
network
low complexity
oracle
critical
9.1
2017-04-24 CVE-2017-3500 Unspecified vulnerability in Oracle Primavera Gateway
Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration).
network
low complexity
oracle
8.7
2017-04-17 CVE-2017-5645 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
network
low complexity
apache netapp redhat oracle CWE-502
critical
9.8