Vulnerabilities > Oracle > Webcenter Sites > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2021-29505 XStream is software for serializing Java objects to XML and back again. 8.8
2020-04-15 CVE-2020-2739 Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI).
network
low complexity
oracle
7.4
2020-01-24 CVE-2020-7226 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
network
low complexity
vt oracle CWE-770
7.5
2020-01-15 CVE-2020-2538 Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI).
network
low complexity
oracle
7.1
2019-04-23 CVE-2019-2578 Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI).
network
low complexity
oracle
8.6
2019-04-22 CVE-2019-5427 XML Entity Expansion vulnerability in multiple products
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
network
low complexity
mchange fedoraproject oracle CWE-776
7.5
2018-10-18 CVE-2018-15756 Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource.
network
low complexity
vmware oracle debian
7.5
2018-04-19 CVE-2018-2791 Unspecified vulnerability in Oracle Webcenter Sites 11.1.1.8.0/12.2.1.2.0/12.2.1.3.0
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI).
network
low complexity
oracle
8.2
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
2017-04-24 CVE-2017-3602 Unspecified vulnerability in Oracle Webcenter Sites
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI).
network
low complexity
oracle
8.1