Oracle Endeca Information Discovery Studio 3.2.0.0

CPE Details

Oracle Endeca Information Discovery Studio 3.2.0.0
3.2.0.0
2021-12-02
13h29 +00:00
2021-12-02
21h36 +00:00

CPE Name: cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*

Information

Vendor

oracle

Product

endeca_information_discovery_studio

Version

3.2.0.0

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2020-26217 | 2020-11-16 20h00 +00:00 | XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. | 8.8 | High |
| CVE-2020-11979 | 2020-10-01 17h24 +00:00 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. | 7.5 | High |
| CVE-2019-10173 | 2019-07-23 10h50 +00:00 | It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format, e.g. JSON. (regression of CVE-2013-7285) | 9.8 | Critical |