Oracle Enterprise Manager Base Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Enterprise Manager Base Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (135)
CVE-2026-46832 — CVSS 9.9 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework)…
CVE-2026-46852 — CVSS 9.9 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported…
CVE-2026-46855 — CVSS 9.9 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported…
CVE-2026-46854 — CVSS 9.9 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Target Management). Supported…
CVE-2019-13990 — CVSS 9.8 (critical): initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job…
CVE-2020-11972 — CVSS 9.8 (critical): Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected…
CVE-2019-17195 — CVSS 9.8 (critical): Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application…
CVE-2026-46857 — CVSS 9.8 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service)…
CVE-2020-9548 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-9547 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-9546 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-2961 — CVSS 9.8 (critical): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS))…
CVE-2020-10683 — CVSS 9.8 (critical): dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However…
CVE-2018-1000613 — CVSS 9.8 (critical): Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of…
CVE-2020-11973 — CVSS 9.8 (critical): Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected…
CVE-2022-23305 — CVSS 9.8 (critical): By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are…
CVE-2019-12419 — CVSS 9.8 (critical): Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There…
CVE-2017-5645 — CVSS 9.8 (critical): In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another…
CVE-2026-46853 — CVSS 9.6 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported…
CVE-2026-46856 — CVSS 9.6 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported…
CVE-2026-46875 — CVSS 9.1 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Deployment Library)…
CVE-2026-34279 — CVSS 9.1 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported…
CVE-2026-46872 — CVSS 9.0 (critical): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions…
CVE-2020-11112 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2022-21392 — CVSS 8.8 (high): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported…
CVE-2021-3518 — CVSS 8.8 (high): There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application…
CVE-2021-2137 — CVSS 8.8 (high): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported…
CVE-2024-21067 — CVSS 8.8 (high): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The…
CVE-2022-23307 — CVSS 8.8 (high): CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of…
CVE-2022-23302 — CVSS 8.8 (high): JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j…
CVE-2019-5063 — CVSS 8.8 (high): An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially…
CVE-2019-5064 — CVSS 8.8 (high): An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A…
CVE-2020-10672 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10673 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10968 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10969 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11111 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2026-46864 — CVSS 8.8 (high): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen). Supported…
CVE-2020-11113 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2021-3517 — CVSS 8.6 (high): There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted…
CVE-2020-10878 — CVSS 8.6 (high): Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2026-46865 — CVSS 8.2 (high): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework)…
CVE-2020-10543 — CVSS 8.2 (high): Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer…
CVE-2026-46866 — CVSS 8.2 (high): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen). Supported…
CVE-2020-11620 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11619 — CVSS 8.1 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2022-21536 — CVSS 8.1 (high): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Supported…
CVE-2018-12539 — CVSS 7.8 (high): In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM…
CVE-2017-10091 — CVSS 7.7 (high): Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework)…
CVE-2016-2381 — CVSS 7.5 (high): Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment…
CVE-2017-3518 — CVSS 7.5 (high): Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery…
CVE-2017-9735 — CVSS 7.5 (high): Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain…
CVE-2019-0188 — CVSS 7.5 (high): Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable…
CVE-2019-0222 — CVSS 7.5 (high): In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
CVE-2019-0227 — CVSS 7.5 (high): A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and…
CVE-2019-20388 — CVSS 7.5 (high): xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-5427 — CVSS 7.5 (high): c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against…
CVE-2020-11971 — CVSS 7.5 (high): Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should…
CVE-2020-12723 — CVSS 7.5 (high): regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-1967 — CVSS 7.5 (high): Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer…
CVE-2020-5398 — CVSS 7.5 (high): In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is…
CVE-2020-7595 — CVSS 7.5 (high): xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2021-34798 — CVSS 7.5 (high): Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-36160 — CVSS 7.5 (high): A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2022-21623 — CVSS 7.5 (high): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Config Console)…
CVE-2024-20917 — CVSS 7.5 (high): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The…
CVE-2018-1656 — CVSS 7.4 (high): The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does…
CVE-2022-21516 — CVSS 7.3 (high): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Install)…
CVE-2026-46867 — CVSS 7.2 (high): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework)…
CVE-2026-46868 — CVSS 7.2 (high): Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework)…
CVE-2018-2750 — CVSS 7.1 (high): Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework)…
CVE-2020-2982 — CVSS 7.1 (high): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-24977 — CVSS 6.5 (medium): GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has…
CVE-2018-1257 — CVSS 6.5 (medium): Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to…
CVE-2018-3303 — CVSS 6.5 (medium): Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console)…
CVE-2019-2897 — CVSS 6.4 (medium): Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions)…
CVE-2016-5604 — CVSS 6.3 (medium): Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local…
CVE-2016-3563 — CVSS 6.3 (medium): Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local…
CVE-2020-2609 — CVSS 6.3 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2021-2053 — CVSS 6.1 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2022-29577 — CVSS 6.1 (medium): OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly…
CVE-2018-8032 — CVSS 6.1 (medium): Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2020-2644 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service)…
CVE-2020-2645 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported…
CVE-2020-2613 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported…
CVE-2020-2612 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-2611 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-2610 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-2608 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that…
CVE-2020-2621 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-2623 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported…
CVE-2020-2624 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported…
CVE-2020-2625 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that…
CVE-2020-2626 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS)…
CVE-2020-2628 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions…
CVE-2020-2629 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported…
CVE-2020-2630 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported…
CVE-2020-2631 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt)…
CVE-2020-2632 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported…
CVE-2020-2633 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported…
CVE-2020-2634 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk)…
CVE-2020-2635 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported…
CVE-2020-2636 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt)…
CVE-2020-2639 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions…
CVE-2020-2642 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported…
CVE-2020-2643 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that…
CVE-2020-2615 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service)…
CVE-2020-2616 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository)…
CVE-2020-2617 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported…
CVE-2020-2618 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-2619 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-2620 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management)…
CVE-2020-2622 — CVSS 6.0 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported…
CVE-2018-11039 — CVSS 5.9 (medium): Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to…
CVE-2020-1971 — CVSS 5.9 (medium): The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName…
CVE-2019-1559 — CVSS 5.9 (medium): If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive…
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2018-0734 — CVSS 5.9 (medium): The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in…
CVE-2018-0735 — CVSS 5.9 (medium): The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in…
CVE-2021-3537 — CVSS 5.9 (medium): A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing…
CVE-2019-12415 — CVSS 5.5 (medium): In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted…
CVE-2020-2646 — CVSS 5.4 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported…
CVE-2019-10246 — CVSS 5.3 (medium): In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base…
CVE-2020-5397 — CVSS 5.3 (medium): Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC…
CVE-2020-1954 — CVSS 5.3 (medium): Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the…
CVE-2019-10247 — CVSS 5.3 (medium): In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version…
CVE-2018-5407 — CVSS 4.7 (medium): Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel…
CVE-2022-21469 — CVSS 4.7 (medium): Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). Supported versions…
CVE-2016-3540 — CVSS 4.3 (medium): Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0…