Oracle Agile Engineering Data Management — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Agile Engineering Data Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2016-3468 — CVSS 9.8 (critical): Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2020-11987 — CVSS 8.2 (high): Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a…
CVE-2016-5518 — CVSS 8.1 (high): Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and…
CVE-2017-3730 — CVSS 7.5 (high): In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the…
CVE-2021-42340 — CVSS 7.5 (high): The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71…
CVE-2020-13934 — CVSS 7.5 (high): An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1…
CVE-2019-0227 — CVSS 7.5 (high): A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and…
CVE-2020-13935 — CVSS 7.5 (high): The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to…
CVE-2020-11979 — CVSS 7.5 (high): As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was…
CVE-2019-17563 — CVSS 7.5 (high): When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where…
CVE-2020-9484 — CVSS 7.0 (high): When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is…
CVE-2022-23181 — CVSS 7.0 (high): The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to…
CVE-2022-23437 — CVSS 6.5 (medium): There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This…
CVE-2020-1945 — CVSS 6.3 (medium): Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2018-8032 — CVSS 6.1 (medium): Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2020-17521 — CVSS 5.5 (medium): Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2019-17569 — CVSS 4.8 (medium): The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the…
CVE-2020-1935 — CVSS 4.8 (medium): In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line…
CVE-2017-10161 — CVSS 4.8 (medium): Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Services…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…
CVE-2016-0497 — CVSS 4.3 (medium): Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0…
CVE-2016-3428 — CVSS 3.1 (low): Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and…
CVE-2021-1996 — CVSS 2.4 (low): Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are…
CVE-2016-0498 — CVSS 1.5 (low): Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0…