Skip to main content

Insurance Rules Palette

24 CVEs product

Monthly

CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-22118 Maven HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Spring Framework Commerce Guided Search Communications Brm Elastic Charging Engine +29
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-29425 Maven MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io Debian Linux Access Manager +57
NVD
CVSS 3.1
4.8
EPSS
10.6%
CVE-2020-36183 Maven HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind Cloud Backup Service Level Manager +42
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
2.2%
CVE-2020-35728 Maven HIGH PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 41.1%.

Apache Oracle Deserialization Jackson Databind Debian Linux +38
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
41.1%
CVE-2020-25649 Maven HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-5421 Maven MEDIUM PATCH This Month

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable.

Java Authentication Bypass Spring Framework Commerce Guided Search Communications Brm +35
NVD
CVSS 3.1
6.5
EPSS
10.7%
CVE-2020-10683 Maven CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm Application Testing Suite Banking Platform +34
NVD GitHub
CVSS 3.1
9.8
EPSS
7.3%
CVE-2020-9488 Maven LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J Communications Application Session Controller Communications Billing And Revenue Management +43
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2020-5397 Maven MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF Spring Framework Application Testing Suite +25
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2020-5398 Maven HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework Application Testing Suite Communications Billing And Revenue Management Elastic Charging Engine +30
NVD
CVSS 3.1
7.5
EPSS
88.1%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-12415 Maven MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache Poi Application Testing Suite +25
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-15756 Maven HIGH PATCH This Week

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Spring Framework Agile Plm Communications Brm Elastic Charging Engine +37
NVD
CVSS 3.1
7.5
EPSS
9.5%
CVE-2018-11040 Maven HIGH PATCH This Week

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Spring Framework Agile Product Lifecycle Management Application Testing Suite +25
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2018-11039 Maven MEDIUM PATCH This Month

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java XSS Spring Framework Agile Plm Application Testing Suite +30
NVD
CVSS 3.1
5.9
EPSS
2.8%
CVE-2018-1258 Maven HIGH PATCH This Week

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Spring Security Spring Framework Agile Plm +39
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-1257 Maven MEDIUM PATCH This Month

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Spring Framework Openshift Agile Product Lifecycle Management +27
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2018-1275 Maven CRITICAL PATCH Act Now

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java Code Injection RCE Spring Framework Application Testing Suite +17
NVD
CVSS 3.1
9.8
EPSS
57.6%
CVE-2018-1272 Maven HIGH PATCH This Week

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Java Privilege Escalation Spring Framework Application Testing Suite Big Data Discovery +22
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-1271 Maven MEDIUM POC PATCH THREAT This Month

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Microsoft Path Traversal Spring Framework Application Testing Suite +26
NVD
CVSS 3.1
5.9
EPSS
35.7%
CVE-2018-1270 Maven CRITICAL POC PATCH THREAT Act Now

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Code Injection RCE Spring Framework Application Testing Suite +26
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
77.2%
CVE-2017-5645 Maven CRITICAL POC PATCH THREAT Act Now

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

Deserialization Apache RCE Log4J Oncommand Api Services +77
NVD
CVSS 3.1
9.8
EPSS
94.0%
Threat
6.3
CVE-2016-0635 HIGH PATCH This Week

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Elastic Information Disclosure Java Oracle Documaker +10
NVD
CVSS 3.0
8.8
EPSS
5.0%
EPSS 2% CVSS 8.3
HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option +110
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Java Spring Framework +31
NVD
EPSS 11% CVSS 4.8
MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io +59
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind +44
NVD GitHub VulDB
EPSS 41% CVSS 8.1
HIGH PATCH Act Now

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 41.1%.

Apache Oracle Deserialization +40
NVD GitHub VulDB
EPSS 18% CVSS 7.5
HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services +37
NVD GitHub
EPSS 11% CVSS 6.5
MEDIUM PATCH This Month

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable.

Java Authentication Bypass Spring Framework +37
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Dom4J Agile Plm +36
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J +45
NVD VulDB
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Java CSRF +27
NVD
EPSS 88% CVSS 7.5
HIGH PATCH This Week

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Java Spring Framework +32
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache +27
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Spring Framework +39
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Spring Framework +27
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java XSS Spring Framework +32
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Spring Security +41
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Java Denial Of Service Spring Framework +29
NVD
EPSS 58% CVSS 9.8
CRITICAL PATCH Act Now

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java Code Injection RCE +19
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Java Privilege Escalation Spring Framework +24
NVD
EPSS 36% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Microsoft Path Traversal +28
NVD
EPSS 77% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Code Injection RCE +28
NVD Exploit-DB
EPSS 94% 6.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

Deserialization Apache RCE +79
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Elastic Information Disclosure Java +12
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy