Oracle Utilities Framework — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Utilities Framework, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (38)
CVE-2019-17495 — CVSS 9.8 (critical): A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite…
CVE-2020-10683 — CVSS 9.8 (critical): dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However…
CVE-2018-8088 — CVSS 9.8 (critical): org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access…
CVE-2019-10173 — CVSS 9.8 (critical): It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security…
CVE-2020-14756 — CVSS 9.8 (critical): Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are…
CVE-2021-39148 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39149 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39153 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39152 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39151 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39150 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39139 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39141 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39145 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39146 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39147 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-39154 — CVSS 8.5 (high): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2020-28052 — CVSS 8.1 (high): An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared…
CVE-2020-25649 — CVSS 7.5 (high): A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to…
CVE-2018-1000632 — CVSS 7.5 (high): dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute…
CVE-2020-11979 — CVSS 7.5 (high): As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2021-31684 — CVSS 7.5 (high): A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of…
CVE-2019-10086 — CVSS 7.3 (high): In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to…
CVE-2021-39140 — CVSS 6.5 (medium): XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker…
CVE-2020-1945 — CVSS 6.3 (medium): Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir…
CVE-2015-9251 — CVSS 6.1 (medium): jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2021-27568 — CVSS 5.9 (medium): An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function…
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2021-36373 — CVSS 5.5 (medium): When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2026-21924 — CVSS 5.4 (medium): Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General). Supported…
CVE-2020-14895 — CVSS 5.4 (medium): Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide). Supported versions that…
CVE-2020-9488 — CVSS 3.7 (low): Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted…