Filtered by vendor Oracle Subscriptions
Filtered by product Business Process Management Suite Subscriptions
Total 30 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-3100 1 Oracle 1 Business Process Management Suite 2024-11-21 N/A
Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2018-19362 4 Debian, Fasterxml, Oracle and 1 more 22 Debian Linux, Jackson-databind, Business Process Management Suite and 19 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVE-2018-19361 4 Debian, Fasterxml, Oracle and 1 more 22 Debian Linux, Jackson-databind, Business Process Management Suite and 19 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVE-2018-19360 4 Debian, Fasterxml, Oracle and 1 more 22 Debian Linux, Jackson-databind, Business Process Management Suite and 19 more 2024-11-21 N/A
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVE-2018-14719 5 Debian, Fasterxml, Netapp and 2 more 31 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 28 more 2024-11-21 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718 5 Debian, Fasterxml, Netapp and 2 more 36 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 33 more 2024-11-21 9.8 Critical
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-11761 2 Apache, Oracle 2 Tika, Business Process Management Suite 2024-11-21 N/A
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
CVE-2018-1000613 4 Bouncycastle, Netapp, Opensuse and 1 more 24 Legion-of-the-bouncy-castle-java-crytography-api, Oncommand Workflow Automation, Leap and 21 more 2024-11-21 9.8 Critical
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVE-2018-1000180 5 Bouncycastle, Debian, Netapp and 2 more 24 Fips Java Api, Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux and 21 more 2024-11-21 N/A
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
CVE-2015-9251 3 Jquery, Oracle, Redhat 51 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 48 more 2024-11-21 N/A
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.