Home/Product/oracle jd edwards enterpriseone orchestrator
Product

oracle jd edwards enterpriseone orchestrator

44 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-21552
< 9.2.9.2
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).
6.5MEDIUM
 CVE-2024-21168
< 9.2.8.3
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).
6.5MEDIUM
 CVE-2023-22050
< 9.2.7.4
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).
5.4MEDIUM
 CVE-2022-21532
<= 9.2.6.3
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator). Supporte
4.3MEDIUM
 CVE-2021-2052
< 9.2.5.1
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).
5.8MEDIUM
 CVE-2020-36183
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-36182
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-36180
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-36179
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad
8.1HIGH
 CVE-2020-36189
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1HIGH
 CVE-2020-36188
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1HIGH
 CVE-2020-36187
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-36186
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-36185
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-36184
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-36181
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-35728
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1HIGH
 CVE-2020-17521
all versions
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of
5.5MEDIUM
 CVE-2020-25649
< 9.2.5.3
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab
7.5HIGH
 CVE-2020-13956
< 9.2.6.0
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed
5.3MEDIUM
 CVE-2020-11023
< 9.2.5.0
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9MEDIUM
 CVE-2020-11620
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-11619
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-11113
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-11112
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-11111
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-10969
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to jav
8.8HIGH
 CVE-2020-10968
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-10673
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
8.8HIGH
 CVE-2020-10672
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-9548
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.
9.8CRITICAL
 CVE-2020-9547
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
9.8CRITICAL
 CVE-2020-9546
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
9.8CRITICAL
 CVE-2019-20330
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
9.8CRITICAL
 CVE-2019-10219
< 9.2.6.1
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1MEDIUM
 CVE-2019-17195
<= 9.2.5.3
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an applica
9.8CRITICAL
 CVE-2019-17531
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
 CVE-2019-16943
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
 CVE-2019-16942
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
 CVE-2019-10086
< 9.2.5.3
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
7.3HIGH
 CVE-2019-14439
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is ena
7.5HIGH
 CVE-2019-14379
all versions
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.
9.8CRITICAL
 CVE-2019-13990
<= 9.2.5.3
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo
9.8CRITICAL
 CVE-2018-14718
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin