VYPR

Agile Plm

by Oracle Corporation

CVEs (83)

  • CVE-2016-8735CriKEVApr 6, 2017
    risk 0.76cvss 9.8epss 0.90

    Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated…

  • CVE-2017-12617HigKEVOct 4, 2017
    risk 0.69cvss 8.1epss 1.00

    When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via…

  • CVE-2016-3556CriJul 21, 2016
    risk 0.64cvss 9.8epss 0.04

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration.

  • CVE-2016-3554HigJul 21, 2016
    risk 0.58cvss 8.8epss 0.04

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design.

  • CVE-2020-9546CriMar 2, 2020
    risk 0.57cvss 9.8epss 0.05

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

  • CVE-2016-5523HigOct 25, 2016
    risk 0.57cvss 8.8epss 0.02

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet.

  • CVE-2016-5515HigOct 25, 2016
    risk 0.57cvss 8.8epss 0.02

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RMIServlet.

  • CVE-2016-5514HigOct 25, 2016
    risk 0.57cvss 8.8epss 0.02

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to ExportServlet.

  • CVE-2020-11113HigMar 31, 2020
    risk 0.51cvss 8.8epss 0.06

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

  • CVE-2020-11112HigMar 31, 2020
    risk 0.51cvss 8.8epss 0.04

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

  • CVE-2016-3526HigJul 21, 2016
    risk 0.49cvss 7.5epss 0.04

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3529 and CVE-2016-3560.

  • CVE-2016-5526HigOct 25, 2016
    risk 0.48cvss 7.3epss 0.01

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat.

  • CVE-2016-3561HigJul 21, 2016
    risk 0.48cvss 7.3epss 0.02

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK.

  • CVE-2020-35728HigDec 27, 2020
    risk 0.47cvss 8.1epss 0.13

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

  • CVE-2020-36183HigJan 7, 2021
    risk 0.46cvss 8.1epss 0.05

    FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

  • CVE-2020-14060HigJun 14, 2020
    risk 0.46cvss 8.1epss 0.09

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

  • CVE-2020-14062HigJun 14, 2020
    risk 0.46cvss 8.1epss 0.08

    FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

  • CVE-2020-11619HigApr 7, 2020
    risk 0.46cvss 8.1epss 0.04

    FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

  • CVE-2016-3539HigJul 21, 2016
    risk 0.46cvss 7.1epss 0.03

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538.

  • CVE-2016-3538HigJul 21, 2016
    risk 0.46cvss 7.1epss 0.03

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3539.

Page 1 of 5