Vulnerabilities > Oracle > Webcenter Portal > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-11-17 CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle
5.4
2021-11-17 CVE-2021-41164 CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject
5.4
2021-08-23 CVE-2021-39140 XStream is a simple library to serialize objects to XML and back again. 6.3
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2021-03-31 CVE-2021-28657 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25.
local
low complexity
apache oracle CWE-835
5.5
2020-07-15 CVE-2020-14552 Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).
network
low complexity
oracle
6.8
2020-04-27 CVE-2020-9489 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser.
local
low complexity
apache oracle CWE-835
5.5
2020-03-07 CVE-2020-9281 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
network
low complexity
ckeditor fedoraproject drupal oracle CWE-79
6.1
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1