The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle Identity Management

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Blue Coat CAS, Debian, AIX, IBM i, Rational ClearCase, Tivoli Storage Manager, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Percona Server, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.


vulnerability CVE-2018-5407

OpenSSL: information disclosure via ECC Scalar Multiplication

Synthesis of the vulnerability

On an Intel processor (VIGILANCE-VUL-27667), an attacker can measure the execution time of the ECC Scalar Multiplication of OpenSSL, in order to obtain the key in use.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, AIX, IRAD, Rational ClearCase, QRadar SIEM, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 12/11/2018.
Identifiers: bulletinjan2019, CERTFR-2018-AVI-607, CERTFR-2019-AVI-242, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-5407, DLA-1586-1, DSA-4348-1, DSA-4355-1, ibm10794537, ibm10875298, ibm10886313, K49711130, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0234-1, RHSA-2019:0483-01, RHSA-2019:2125-01, SSA:2018-325-01, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, SYMSA1490, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27760.


computer vulnerability announcement CVE-2018-5407

Intel processors: information disclosure via SMT/Hyper-Threading PortSmash

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMT/Hyper-Threading PortSmash on an Intel processor, in order to obtain sensitive information.
Impacted products: Debian, Avamar, BIG-IP Hardware, TMOS, AIX, IRAD, MariaDB ~ precise, Windows (platform) ~ not comprehensive, MySQL Community, MySQL Enterprise, OpenBSD, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 05/11/2018.
Identifiers: 530514, bulletinjan2019, CERTFR-2019-AVI-242, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-5407, DSA-2018-030, DSA-4348-1, DSA-4355-1, ibm10794537, K49711130, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0234-1, RHSA-2019:2125-01, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, USN-3840-1, VIGILANCE-VUL-27667.


vulnerability CVE-2018-0734

OpenSSL: information disclosure via DSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via DSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, AIX, IRAD, Rational ClearCase, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 30/10/2018.
Identifiers: bulletinapr2019, bulletinjan2019, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-0734, DSA-4348-1, DSA-4355-1, ibm10794537, ibm10875298, openSUSE-SU-2018:3890-1, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0138-1, openSUSE-SU-2019:0234-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:2304-01, SSA:2018-325-01, SUSE-SU-2018:3863-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27640.


vulnerability alert CVE-2018-0735

OpenSSL: information disclosure via ECDSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Blue Coat CAS, Debian, IRAD, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, SLES, Symantec Content Analysis, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 29/10/2018.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2018-0735, DLA-1586-1, DSA-4348-1, ibm10794537, openSUSE-SU-2018:3890-1, SUSE-SU-2018:3863-1, SYMSA1490, USN-3840-1, VIGILANCE-VUL-27631.


computer vulnerability bulletin CVE-2018-15756

Spring Framework: denial of service via Complex Range Requests

Synthesis of the vulnerability

An attacker can generate a fatal error via Complex Range Requests of Spring Framework, in order to trigger a denial of service.
Impacted products: QRadar SIEM, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, WebLogic, Percona Server, Spring Framework.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 17/10/2018.
Identifiers: CERTFR-2019-AVI-331, cpujul2019, CVE-2018-15756, ibm10957141, VIGILANCE-VUL-27548.


computer vulnerability alert CVE-2017-14735 CVE-2018-2902 CVE-2018-2911

Oracle Fusion Middleware: vulnerabilities of October 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 22.
Creation date: 17/10/2018.
Identifiers: cpuoct2018, CVE-2017-14735, CVE-2018-2902, CVE-2018-2911, CVE-2018-3152, CVE-2018-3168, CVE-2018-3179, CVE-2018-3191, CVE-2018-3197, CVE-2018-3201, CVE-2018-3204, CVE-2018-3210, CVE-2018-3213, CVE-2018-3215, CVE-2018-3238, CVE-2018-3245, CVE-2018-3246, CVE-2018-3248, CVE-2018-3249, CVE-2018-3250, CVE-2018-3252, CVE-2018-3253, CVE-2018-3254, VIGILANCE-VUL-27506.


computer vulnerability alert CVE-2018-1000613

Bouncy Castle Java Cryptography Extension: vulnerability via XMSS Private Keys Deserialization

Synthesis of the vulnerability

A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Impacted products: Bouncy Castle JCE, Fedora, Juniper SBR, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Tuxedo, WebLogic.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 02/07/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000613, FEDORA-2018-e6894349c9, JSA10939, openSUSE-SU-2018:2131-1, openSUSE-SU-2018:2180-1, VIGILANCE-VUL-26596.


vulnerability CVE-2018-11040

Spring Framework: information disclosure via Cross-Domain Requests

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross-Domain Requests of Spring Framework, in order to obtain sensitive information.
Impacted products: Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Spring Framework.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11040, VIGILANCE-VUL-26440.


computer vulnerability note CVE-2018-11039

Spring Framework: information disclosure via Cross Site Tracing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information.
Impacted products: Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, Spring Framework, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Computing, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/INSIGHT, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11039, VIGILANCE-VUL-26439.
