Product Lifecycle Analytics Oracle Product Lifecycle Analytics

Do you want an email whenever new security vulnerabilities are reported in Oracle Product Lifecycle Analytics?

By the Year

In 2022 there have been 1 vulnerability in Oracle Product Lifecycle Analytics with an average score of 9.8 out of ten. Last year Product Lifecycle Analytics had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Product Lifecycle Analytics in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 2.30.

Year Vulnerabilities Average Score
2022 1 9.80
2021 1 7.50
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Product Lifecycle Analytics vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Product Lifecycle Analytics Security Vulnerabilities

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding

CVE-2022-22965 9.8 - Critical - April 01, 2022

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Code Injection

Vulnerability in the Advanced Networking Option component of Oracle Database Server

CVE-2021-2351 7.5 - High - July 21, 2021

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Zfs Storage Application Integration Engineering Software or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe