Vulnerabilities > Oracle > Siebel UI Framework

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2020-2560 Unspecified vulnerability in Oracle Siebel UI Framework
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server).
network
low complexity
oracle
4.7
2020-01-15 CVE-2020-2559 Unspecified vulnerability in Oracle Siebel UI Framework
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI).
network
low complexity
oracle
5.3
2020-01-03 CVE-2019-20330 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
network
low complexity
fasterxml oracle debian netapp CWE-502
critical
9.8
2019-10-16 CVE-2019-2935 Unspecified vulnerability in Oracle Siebel UI Framework
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI).
network
low complexity
oracle
5.3
2019-10-01 CVE-2019-16942 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
network
low complexity
fasterxml debian fedoraproject redhat netapp oracle CWE-502
critical
9.8
2019-07-30 CVE-2019-14439 Deserialization of Untrusted Data vulnerability in multiple products
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2.
7.5
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
9.8
2019-07-23 CVE-2019-2857 Unspecified vulnerability in Oracle Siebel UI Framework
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI).
network
low complexity
oracle
5.4
2019-05-01 CVE-2019-0227 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006.
high complexity
apache oracle CWE-918
7.5
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1