Siebel Apps Marketing Oracle Siebel Apps Marketing

Do you want an email whenever new security vulnerabilities are reported in Oracle Siebel Apps Marketing?

By the Year

In 2022 there have been 0 vulnerabilities in Oracle Siebel Apps Marketing . Siebel Apps Marketing did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 2 5.35
2019 0 0.00
2018 0 0.00

It may take a day or so for new Siebel Apps Marketing vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Siebel Apps Marketing Security Vulnerabilities

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to

CVE-2020-9484 7 - High - May 20, 2020

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Marshaling, Unmarshaling

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender

CVE-2020-9488 3.7 - Low - April 27, 2020

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

Improper Certificate Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Storagetek Acsls or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe