Oracle Enterprise Manager Virtualization
By the Year
In 2024 there have been 0 vulnerabilities in Oracle Enterprise Manager Virtualization . Enterprise Manager Virtualization did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 5 | 9.34 |
| 2018 | 2 | 9.80 |
It may take a day or so for new Enterprise Manager Virtualization vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Enterprise Manager Virtualization Security Vulnerabilities
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which
CVE-2019-10086
7.3 - High
- August 20, 2019
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Marshaling, Unmarshaling
FasterXML jackson-databind 2.x before 2.9.7 might
CVE-2018-14718
9.8 - Critical
- January 02, 2019
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
Marshaling, Unmarshaling
FasterXML jackson-databind 2.x before 2.9.7 might
CVE-2018-14719
9.8 - Critical
- January 02, 2019
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
Marshaling, Unmarshaling
FasterXML jackson-databind 2.x before 2.9.7 might
CVE-2018-14720
9.8 - Critical
- January 02, 2019
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
XXE
FasterXML jackson-databind 2.x before 2.9.7 might
CVE-2018-14721
10 - Critical
- January 02, 2019
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
XSPA
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could
CVE-2017-7525
9.8 - Critical
- February 06, 2018
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
Denylist / Deny List
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could
CVE-2017-15095
9.8 - Critical
- February 06, 2018
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
Marshaling, Unmarshaling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Oracle? Click the Watch button to subscribe.
