Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2017-04-17 |
| Product | Policy Automation Connector For Siebel | Last view | 2020-04-29 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:* | 6 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2020-04-29 | CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
| 3.7 | 2020-04-27 | CVE-2020-9488 | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 |
| 7.5 | 2019-05-01 | CVE-2019-0227 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. |
| 6.1 | 2019-04-19 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. |
| 6.1 | 2018-08-02 | CVE-2018-8032 | Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. |
| 9.8 | 2017-04-17 | CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-502 | Deserialization of Untrusted Data |
| 33% (1) | CWE-295 | Certificate Issues |
| 33% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-08-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-8a85ed2f10.nasl - Type: ACT_GATHER_INFO |
| 2018-08-08 | Name: A web application running on the remote host is affected by multiple vulnerab... File: mysql_enterprise_monitor_3_4_8.nasl - Type: ACT_GATHER_INFO |
| 2018-03-21 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa_10838.nasl - Type: ACT_GATHER_INFO |
| 2017-12-13 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2017-3399.nasl - Type: ACT_GATHER_INFO |
| 2017-09-28 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2809.nasl - Type: ACT_GATHER_INFO |
| 2017-09-28 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2808.nasl - Type: ACT_GATHER_INFO |
| 2017-09-27 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2811.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1214.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1213.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2636.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2638.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2637.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2635.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO |
| 2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170807_log4j_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO |
| 2017-08-10 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-2423.nasl - Type: ACT_GATHER_INFO |
| 2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-b8358cda24.nasl - Type: ACT_GATHER_INFO |
| 2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-11edc0d6c3.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-8348115acd.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-7e0ff7f73a.nasl - Type: ACT_GATHER_INFO |
| 2017-05-05 | Name: The remote Fedora host is missing a security update. File: fedora_2017-2ccfbd650a.nasl - Type: ACT_GATHER_INFO |
| 2017-05-03 | Name: The remote Fedora host is missing a security update. File: fedora_2017-511ebfa8a3.nasl - Type: ACT_GATHER_INFO |
