Primavera Unifier

DATE	CVE	VULNERABILITY TITLE	RISK
2018-08-02	CVE-2018-8032	Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. network low complexity apache oracle debian CWE-79	6.1
2018-07-18	CVE-2018-2969	Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). network low complexity oracle	4.3
2018-07-18	CVE-2018-2968	Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). network low complexity oracle	6.5
2018-07-18	CVE-2018-2967	Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). low complexity oracle	5.3
2018-07-18	CVE-2018-2966	Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). network low complexity oracle	7.4
2018-07-18	CVE-2018-2965	Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). network low complexity oracle	6.1
2018-02-06	CVE-2017-7525	Incomplete Blacklist vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. network low complexity fasterxml debian netapp redhat oracle CWE-184 critical	9.8
2018-02-06	CVE-2017-15095	Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. network low complexity fasterxml debian redhat netapp oracle CWE-502 critical	9.8
2018-01-18	CVE-2015-9251	Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. network low complexity jquery oracle CWE-79	6.1
2018-01-18	CVE-2018-2620	Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). network low complexity oracle	8.1