Oracle Agile Product Lifecycle Management 9.3.3

CPE Details

Oracle Agile Product Lifecycle Management 9.3.3
oracle
agile_product_lifecycle_management
9.3.3
2016-01-26
19h17 +00:00
2016-01-26
19h17 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

agile_product_lifecycle_management

Version

9.3.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-1935 2020-02-24 20h11 +00:00 In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
4.8
Moyen
CVE-2019-2817 2019-07-23 20h31 +00:00 Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Folders, Files & Attachments). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L).
5.4
Moyen
CVE-2018-11040 2018-06-25 15h00 +00:00 Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
7.5
Haute
CVE-2018-1257 2018-05-11 20h00 +00:00 Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
6.5
Moyen