Vulnerabilities > Oracle > Primavera Unifier > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14617 Unspecified vulnerability in Oracle Primavera Unifier
Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App).
network
low complexity
oracle
5.7
2020-05-14 CVE-2020-1945 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.
6.3
2020-04-27 CVE-2020-9489 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser.
local
low complexity
apache oracle CWE-835
5.5
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-10-23 CVE-2019-12415 XXE vulnerability in multiple products
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
local
low complexity
apache oracle CWE-611
5.5
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-10-17 CVE-2018-3148 Unspecified vulnerability in Oracle Primavera Unifier
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access).
network
low complexity
oracle
6.1
2018-08-02 CVE-2018-8032 Cross-site Scripting vulnerability in multiple products
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
network
low complexity
apache oracle debian CWE-79
6.1
2018-07-18 CVE-2018-2969 Unspecified vulnerability in Oracle Primavera Unifier
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core).
network
low complexity
oracle
4.3
2018-07-18 CVE-2018-2968 Unspecified vulnerability in Oracle Primavera Unifier
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core).
network
low complexity
oracle
6.5