Oracle JD Edwards EnterpriseOne Tools

151 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-21946
>= 9.2.0.0 and <= 9.2.26.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2025-53060
>= 9.2.0.0 and <= 9.2.9.4
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2025-53056
>= 9.2.0.0 and <= 9.2.9.4
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Object and Environment Tech). Suppor
6.1MEDIUM
CVE-2025-30760
>= 9.2.0.0 and <= 9.2.9.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
5.4MEDIUM
CVE-2025-30740
>= 9.2.0.0 and <= 9.2.9.2
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.5MEDIUM
CVE-2025-30709
>= 9.2.0.0 and <= 9.2.9.2
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2025-21586
>= 9.2.0.0 and <= 9.2.9.2
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
5.4MEDIUM
CVE-2025-21538
< 9.2.9.2
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2025-21527
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported version
6.1MEDIUM
CVE-2025-21524
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Sup
9.8CRITICAL
CVE-2025-21517
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
4.3MEDIUM
CVE-2025-21515
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
8.8HIGH
CVE-2025-21514
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
5.3MEDIUM
CVE-2025-21513
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2025-21512
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2025-21511
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
7.5HIGH
CVE-2025-21510
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
7.5HIGH
CVE-2025-21509
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.5MEDIUM
CVE-2025-21508
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.5MEDIUM
CVE-2025-21507
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
5.4MEDIUM
CVE-2024-21245
< 9.2.9.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Supported
5.4MEDIUM
CVE-2024-21150
< 9.2.8.2
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2024-20937
< 9.2.8.1
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Sup
4.3MEDIUM
CVE-2024-20905
< 9.2.8.0
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supp
2.7LOW
CVE-2024-20957
< 9.2.8.1
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versio
2.7LOW
CVE-2023-22055
< 9.2.7.4
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2023-21936
< 9.2.7.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
5.4MEDIUM
CVE-2023-21927
< 9.2.7.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported ver
4.3MEDIUM
CVE-2022-21631
<= 9.2.6.4
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions
6.1MEDIUM
CVE-2022-21630
<= 9.2.6.4
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
6.1MEDIUM
CVE-2022-21629
<= 9.2.6.4
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions
5.4MEDIUM
CVE-2022-21561
<= 9.2.6.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that
6.5MEDIUM
CVE-2022-21542
<= 9.2.6.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that
7.4HIGH
CVE-2022-21464
>= 9.2.0.0 and <= 9.2.6.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). The suppor
8.2HIGH
CVE-2022-21409
< 9.2.6.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). The supported version t
6.1MEDIUM
CVE-2021-4160
all versions
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of t
5.9MEDIUM
CVE-2021-41184
<= 9.2.6.3
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the `.
6.5MEDIUM
CVE-2021-41183
<= 9.2.6.3
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options o
6.5MEDIUM
CVE-2021-41182
<= 9.2.6.3
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of
6.5MEDIUM
CVE-2021-42013
< 9.2.6.0
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal
9.8CRITICAL
CVE-2021-3712
< 9.2.6.3
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat
7.4HIGH
CVE-2021-3711
< 9.2.6.3
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an applic
9.8CRITICAL
CVE-2021-22940
<= 9.2.6.1
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit th
7.5HIGH
CVE-2021-22939
<= 9.2.6.1
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was r
5.3MEDIUM
CVE-2021-37695
< 9.2.6.0
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito
7.3HIGH
CVE-2021-32809
< 9.2.6.0
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito
4.6MEDIUM
CVE-2021-32808
<= 9.2.6.0
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Wid
7.6HIGH
CVE-2021-32066
< 9.2.6.1
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception w
7.4HIGH
CVE-2021-31799
< 9.2.6.1
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and
7.0HIGH
CVE-2021-2375
>= 9.2.0.0 and <= 9.2.5.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that
6.1MEDIUM
CVE-2021-2373
>= 9.2.0.0 and <= 9.2.5.3
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Supported versions that
5.4MEDIUM
CVE-2021-2351
all versions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3HIGH
CVE-2021-31810
< 9.2.6.1
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV
5.8MEDIUM
CVE-2021-21409
< 9.2.6.3
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high perfor
5.9MEDIUM
CVE-2021-3450
< 9.2.6.0
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not
7.4HIGH
CVE-2021-3449
< 9.2.6.0
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renego
5.9MEDIUM
CVE-2021-20227
< 9.2.6.0
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL
5.5MEDIUM
CVE-2021-22884
< 9.2.6.0
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhos
7.5HIGH
CVE-2021-22883
< 9.2.6.0
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempt
7.5HIGH
CVE-2021-23840
< 9.2.6.0
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the
7.5HIGH
CVE-2021-23337
< 9.2.6.1
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
7.2HIGH
CVE-2020-28500
< 9.2.6.1
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd
5.3MEDIUM
CVE-2021-26272
< 9.2.6.0
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text
6.5MEDIUM
CVE-2021-26271
< 9.2.6.0
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the
6.5MEDIUM
CVE-2020-36183
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-36182
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-36180
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-36179
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad
8.1HIGH
CVE-2020-36189
<= 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1HIGH
CVE-2020-36188
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1HIGH
CVE-2020-36187
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-36186
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-36185
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-36184
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-36181
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-35728
< 9.2.5.3
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
8.1HIGH
CVE-2020-28052
<= 9.2.5.3
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compa
8.1HIGH
CVE-2020-1971
< 9.2.5.3
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar
5.9MEDIUM
CVE-2020-25649
< 9.2.5.3
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab
7.5HIGH
CVE-2020-13956
< 9.2.6.0
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed
5.3MEDIUM
CVE-2020-8277
< 9.2.6.0
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Servic
7.5HIGH
CVE-2020-27193
< 9.2.6.0
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary
6.1MEDIUM
CVE-2019-17566
< 9.2.4.0
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By
7.5HIGH
CVE-2020-27216
< 9.2.6.0
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Uni
7.0HIGH
CVE-2020-25648
< 9.2.6.0
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send mul
7.5HIGH
CVE-2020-8203
<= 9.2.6.0
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
7.4HIGH
CVE-2020-11023
< 9.2.5.0
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9MEDIUM
CVE-2020-2733
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supp
9.8CRITICAL
CVE-2020-11620
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-11619
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
CVE-2020-11113
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-11112
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-11111
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-10969
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to jav
8.8HIGH
CVE-2020-10968
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-10673
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
8.8HIGH
CVE-2020-10672
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-9281
< 9.2.5.2
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inje
6.1MEDIUM
CVE-2020-9548
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.
9.8CRITICAL
CVE-2020-9547
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
9.8CRITICAL
CVE-2020-9546
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
9.8CRITICAL
CVE-2019-20330
< 9.2.4.2
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
9.8CRITICAL
CVE-2019-17195
<= 9.2.5.3
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an applica
9.8CRITICAL
CVE-2019-17531
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
CVE-2019-16943
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
CVE-2019-16942
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith
9.8CRITICAL
CVE-2019-10086
< 9.2.5.3
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
7.3HIGH
CVE-2019-14439
all versions
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is ena
7.5HIGH
CVE-2019-14379
all versions
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.
9.8CRITICAL
CVE-2019-2564
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
4.3MEDIUM
CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1MEDIUM
CVE-2018-12023
all versions
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe
7.5HIGH
CVE-2018-12022
all versions
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe
7.5HIGH
CVE-2019-1559
all versions
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9MEDIUM
CVE-2018-14718
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8CRITICAL
CVE-2018-15769
all versions
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a
7.5HIGH
CVE-2018-11058
all versions
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edi
9.8CRITICAL
CVE-2018-11057
all versions
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channe
5.9MEDIUM
CVE-2018-11056
all versions
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0
6.5MEDIUM
CVE-2018-11055
all versions
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing
5.5MEDIUM
CVE-2018-11054
all versions
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously
7.5HIGH
CVE-2018-3006
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.1MEDIUM
CVE-2018-2999
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.1MEDIUM
CVE-2018-2950
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.1MEDIUM
CVE-2018-2949
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.1MEDIUM
CVE-2018-2948
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.1MEDIUM
CVE-2018-2947
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.5MEDIUM
CVE-2018-2946
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.1MEDIUM
CVE-2018-2945
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The suppo
6.1MEDIUM
CVE-2018-2944
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Monitoring and Diagnost
7.5HIGH
CVE-2018-8013
all versions
In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream
9.8CRITICAL
CVE-2017-15095
all versions
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti
9.8CRITICAL
CVE-2015-9251
all versions
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
6.1MEDIUM
CVE-2018-2659
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The s
6.1MEDIUM
CVE-2018-2658
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The s
6.1MEDIUM
CVE-2017-15707
all versions
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS
6.2MEDIUM
CVE-2016-8610
all versions
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define
7.5HIGH
CVE-2017-3730
all versions
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result
7.5HIGH
CVE-2017-3517
all versions
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The s
6.5MEDIUM
CVE-2017-5645
all versions
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot
9.8CRITICAL
CVE-2015-1793
all versions
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.
6.5MEDIUM
CVE-2014-6565
all versions
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attack
CVE-2011-3524
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users t
CVE-2011-3514
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users t
CVE-2011-3509
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users t
CVE-2011-2326
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users t
CVE-2011-2325
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users t
CVE-2011-2324
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote attackers to affect a
CVE-2011-2321
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users t
CVE-2011-2317
all versions
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users t
CVE-2006-1884
all versions
Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Application
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin