Vulnerabilities > Oracle > SOA Suite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-21622 | Unspecified vulnerability in Oracle SOA Suite 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Adapters). | 7.5 |
| 2019-10-08 | CVE-2019-17359 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. | 7.5 |
| 2019-04-23 | CVE-2019-2572 | Unspecified vulnerability in Oracle SOA Suite 11.1.1.9.0 Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). | 5.0 |
| 2018-07-18 | CVE-2018-3105 | Unspecified vulnerability in Oracle SOA Suite Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath). | 4.0 |
| 2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
| 2018-06-05 | CVE-2018-1000180 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. | 7.5 |
| 2017-10-19 | CVE-2017-10026 | Unspecified vulnerability in Oracle SOA Suite 11.1.1.7.0 Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). network oracle | 5.8 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |