Enterprise Manager Virtualization Oracle Enterprise Manager Virtualization

Do you want an email whenever new security vulnerabilities are reported in Oracle Enterprise Manager Virtualization?

By the Year

In 2022 there have been 0 vulnerabilities in Oracle Enterprise Manager Virtualization . Enterprise Manager Virtualization did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 5 9.34
2018 2 9.80

It may take a day or so for new Enterprise Manager Virtualization vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Enterprise Manager Virtualization Security Vulnerabilities

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which

CVE-2019-10086 7.3 - High - August 20, 2019

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Marshaling, Unmarshaling

FasterXML jackson-databind 2.x before 2.9.7 might

CVE-2018-14718 9.8 - Critical - January 02, 2019

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

Marshaling, Unmarshaling

FasterXML jackson-databind 2.x before 2.9.7 might

CVE-2018-14719 9.8 - Critical - January 02, 2019

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

Marshaling, Unmarshaling

FasterXML jackson-databind 2.x before 2.9.7 might

CVE-2018-14720 9.8 - Critical - January 02, 2019

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

XXE

FasterXML jackson-databind 2.x before 2.9.7 might

CVE-2018-14721 10 - Critical - January 02, 2019

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

XSPA

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could

CVE-2017-7525 9.8 - Critical - February 06, 2018

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Denylist / Deny List

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could

CVE-2017-15095 9.8 - Critical - February 06, 2018

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.\

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe