Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2018-03-20 |
| Product | Goldengate Stream Analytics | Last view | 2020-03-02 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:* | 7 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2020-03-02 | CVE-2019-14893 | A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. |
| 9.8 | 2020-01-03 | CVE-2019-20330 | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. |
| 9.8 | 2019-09-15 | CVE-2019-16335 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. |
| 9.8 | 2019-09-15 | CVE-2019-14540 | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. |
| 9.8 | 2019-07-29 | CVE-2019-14379 | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. |
| 7.5 | 2019-03-28 | CVE-2019-0222 | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. |
| 9.8 | 2018-03-20 | CVE-2018-8088 | org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 80% (4) | CWE-502 | Deserialization of Untrusted Data |
| 20% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-8b0ad602be.nasl - Type: ACT_GATHER_INFO |
| 2018-06-28 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1159.nasl - Type: ACT_GATHER_INFO |
| 2018-05-02 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1092.nasl - Type: ACT_GATHER_INFO |
| 2018-05-02 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1093.nasl - Type: ACT_GATHER_INFO |
| 2018-04-20 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-999.nasl - Type: ACT_GATHER_INFO |
| 2018-03-30 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a4353f97db.nasl - Type: ACT_GATHER_INFO |
| 2018-03-30 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a46b358764.nasl - Type: ACT_GATHER_INFO |
| 2018-03-28 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-0592.nasl - Type: ACT_GATHER_INFO |
