Home/Product/oracle fusion middleware mapviewer
Product

oracle fusion middleware mapviewer

13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8MEDIUM
 CVE-2020-11987
all versions
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By usi
8.2HIGH
 CVE-2019-17566
all versions
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By
7.5HIGH
 CVE-2020-14608
all versions
Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). The supporte
8.2HIGH
 CVE-2020-14607
all versions
Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). Supported ve
6.1MEDIUM
 CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1MEDIUM
 CVE-2019-13990
all versions
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo
9.8CRITICAL
 CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1MEDIUM
 CVE-2018-2943
all versions
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Support
9.8CRITICAL
 CVE-2018-8013
all versions
In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream
9.8CRITICAL
 CVE-2015-9251
all versions
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
6.1MEDIUM
 CVE-2017-3230
all versions
Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Support
8.6HIGH
 CVE-2017-5645
all versions
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot
9.8CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin