
Rewterz Threat Advisory – Oracle Enterprise Manager for Virtualization Multiple Vulnerabilities

SEVERITY: Medium

ANALYSIS SUMMARY

CVE-2018-12022

2019-01-17: At the time of this advisory, a description was not available.

CVE-2018-14721

FasterXML jackson-databind 2.x before 2.9.7 can let remote attackers launch server-side request forgery (SSRF) attacks due to failure to block the axis2-jaxws class from polymorphic deserialization.

CVE-2018-11307

2019-01-17: At the time of this advisory, a description was not available.

CVE-2018-12023

2019-01-17: At the time of this advisory, a description was not available.

CVE-2018-14718

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.

CVE-2018-14719

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.

CVE-2018-14720

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
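
The four jackson-databind entries above describe one underlying weakness: when global default typing is enabled, the class to instantiate is taken from a type id inside the JSON, and each fix added one more class to the library's denylist. The following Java example is added here and is not code from Rewterz, Oracle or FasterXML. It places the weak setting beside an allowlist configuration so a defender can see which one to look for in application code. It assumes jackson-databind 2.10 or later (activateDefaultTyping and BasicPolymorphicTypeValidator do not exist in 2.9.x); the Event, LoginEvent and Envelope types, the payloadClass helper and the java.util.HashMap stand-in input are constructed for illustration only.

```java
// Added example, not code from the advisory or from FasterXML. Contrasts the weak
// jackson-databind setting behind these CVEs (default typing that lets the input
// choose the class) with an allowlist-based configuration.
// Assumes jackson-databind 2.10+, which added activateDefaultTyping and
// BasicPolymorphicTypeValidator.
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class PolymorphicDeserializationDemo {

    // Hypothetical application model: the only types that should ever be
    // instantiated from the polymorphic "payload" field.
    public interface Event { }
    public static class LoginEvent implements Event { public String user; }

    // Container with an Object-typed property: with default typing enabled,
    // the JSON document decides which class is constructed here.
    public static class Envelope { public Object payload; }

    // Weak setting: deprecated global default typing with no type validator.
    // Every non-final class on the classpath is a candidate; the CVEs listed
    // above are gadget classes that were not yet on jackson's denylist.
    static ObjectMapper weakMapper() {
        ObjectMapper m = new ObjectMapper();
        m.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Hardened setting: default typing is honoured only for subtypes of the
    // application's own Event interface. Any other class name in the input is
    // rejected by the validator before the class is loaded or instantiated,
    // so the outcome no longer depends on the completeness of a denylist.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(Event.class)
                .build();
        ObjectMapper m = new ObjectMapper();
        m.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return m;
    }

    // Constructed inputs in the wrapper-array form that default typing uses.
    static final String LEGITIMATE =
            "{\"payload\":[\"" + LoginEvent.class.getName() + "\",{\"user\":\"alice\"}]}";
    // Stand-in for an unexpected class: a harmless JDK type chosen only to show
    // that the input selects the class; it is not one of the CVE gadget classes.
    static final String UNEXPECTED =
            "{\"payload\":[\"java.util.HashMap\",{\"k\":\"v\"}]}";

    // Returns the runtime class name of the deserialized payload, or "REJECTED"
    // when the mapper refuses the type id.
    static String payloadClass(ObjectMapper mapper, String json) throws Exception {
        try {
            Envelope e = mapper.readValue(json, Envelope.class);
            return e.payload.getClass().getName();
        } catch (InvalidTypeIdException ex) {
            return "REJECTED";
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("weak/legitimate:      " + payloadClass(weakMapper(), LEGITIMATE));
        System.out.println("weak/unexpected:      " + payloadClass(weakMapper(), UNEXPECTED));
        System.out.println("hardened/legitimate:  " + payloadClass(hardenedMapper(), LEGITIMATE));
        System.out.println("hardened/unexpected:  " + payloadClass(hardenedMapper(), UNEXPECTED));
    }
}
```

Compiled against jackson-databind 2.10 or later, the weak mapper instantiates java.util.HashMap because the input asked for it, while the hardened mapper reports REJECTED for that input and still deserializes the legitimate LoginEvent. Upgrading to 2.9.7 closes the specific classes named in these CVEs; removing global default typing, or restricting it with a validator as shown, removes the whole class of bug rather than one instance of it. When auditing code, enableDefaultTyping and activateDefaultTyping without a restrictive validator are the settings to flag.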
AFFECTED PRODUCTS

Oracle Enterprise Manager 13.x

IMPACT

Security Bypass

REMEDIATION

Apply update.

https://support.oracle.com/rs?type=doc&id=2466391.1