VYPR

Identity Management Suite

by Oracle Corporation

CVEs (7)

  • CVE-2017-5645CriApr 17, 2017
    risk 0.71cvss 9.8epss 0.89

    In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

  • CVE-2022-23307HigJan 18, 2022
    risk 0.57cvss 8.8epss 0.52

    CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

  • CVE-2022-23305CriJan 18, 2022
    risk 0.57cvss 9.8epss 0.67

    By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering…

  • CVE-2021-45105MedDec 18, 2021
    risk 0.37cvss 5.9epss 1.00

    Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is…

  • CVE-2018-2417MedMay 9, 2018
    risk 0.35cvss 5.3epss 0.01

    Under certain conditions, the SAP Identity Management 8.0 (pass of type ToASCII) allows an attacker to access information which would otherwise be restricted.

  • CVE-2018-2416MedMay 9, 2018
    risk 0.35cvss 5.4epss 0.02

    SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.

  • CVE-2020-6258May 12, 2020
    risk 0.00cvss epss 0.01

    SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.