Oracle Service Bus 12.2.1.3.0

CPE Details

Oracle Service Bus 12.2.1.3.0
12.2.1.3.0
2019-04-24
16h36 +00:00
2019-04-24
16h36 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

service_bus

Version

12.2.1.3.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-10086 2019-08-20 18h10 +00:00 In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
7.3
High
CVE-2019-2576 2019-04-23 16h16 +00:00 Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
5.3
Medium
CVE-2019-11358 2019-04-18 22h00 +00:00 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6.1
Medium
CVE-2015-9251 2018-01-18 22h00 +00:00 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
6.1
Medium