Vulnerabilities > Oracle > Storagetek Tape Analytics SW Tool > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-01 CVE-2020-10683 XXE vulnerability in multiple products
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
network
low complexity
dom4j-project oracle opensuse netapp canonical CWE-611
critical
 9.8
9.8
2019-06-19 CVE-2019-2729 Improper Access Control vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-284
critical
 9.8
9.8
2019-04-26 CVE-2019-2725 Injection vulnerability in Oracle products
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
network
low complexity
oracle CWE-74
critical
 9.8
9.8
2015-11-18 CVE-2015-4852 Deserialization of Untrusted Data vulnerability in Oracle products
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar.
network
low complexity
oracle CWE-502
critical
 9.8
9.8