Oracle GraalVM 19.3.1 Enterprise Edition

CPE Details

Oracle GraalVM 19.3.1 Enterprise Edition
oracle
graalvm
19.3.1
2020-04-16
16h02 +00:00
2020-04-16
16h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:graalvm:19.3.1:*:*:*:enterprise:*:*:*

Informations

Vendor

oracle

Product

graalvm

Version

19.3.1

Software Edition

enterprise

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-2900 2020-04-15 11h29 +00:00 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N).
3.7
Low
CVE-2020-2799 2020-04-15 11h29 +00:00 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N).
6.3
Medium
CVE-2020-2802 2020-04-15 11h29 +00:00 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions that are affected are 19.3.1 and 20.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
7.7
High
CVE-2019-15606 2020-02-07 13h58 +00:00 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
9.8
Critical
CVE-2019-15604 2020-02-07 13h57 +00:00 Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
7.5
High
CVE-2019-15605 2020-02-07 13h55 +00:00 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
9.8
Critical