

Rewterz Threat Advisory – CVE-2019-2414 – Oracle HTTP Server “Web Listener” Privilege Escalation Vulnerability
January 17, 2019
Rewterz Threat Advisory – CVE-2019-2550 & CVE-2019-2549 – Oracle FLEXCUBE Direct Banking “Logoff Page” Vulnerabilities
January 17, 2019
SEVERITY: Medium
ANALYSIS SUMMARY
CVE-2018-12022
2019-01-17: At the time of this advisory, a description was not available.
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 can let remote attackers launch server-side request forgery (SSRF) attacks due to failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-11307
2019-01-17: At the time of this advisory, a description was not available.
CVE-2018-12023
2019-01-17: At the time of this advisory, a description was not available.
CVE-2018-14718
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-14719
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14720
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct XML external entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
AFFECTED PRODUCTS
Oracle Enterprise Manager 13.x
IMPACT
Security Bypass
REMEDIATION
Apply update.
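To confirm whether a host still carries a jackson-databind build in the range the descriptions above give (2.x before 2.9.7), the following inventory check can be run over an installation directory. It is an added example, not part of the original advisory or of any Oracle or FasterXML tooling; the function names are hypothetical and it assumes jars keep the Maven-style name `jackson-databind-<version>.jar`.

```python
import re
from pathlib import Path

# Advisory wording: "jackson-databind 2.x before 2.9.7" (CVE-2018-14718 to CVE-2018-14721).
FIXED = (2, 9, 7)
# Maven-style file name: jackson-databind-<numeric version>[.|-<qualifier>].jar
JAR_RE = re.compile(r"^jackson-databind-(\d+(?:\.\d+)*)(?:[.-]([A-Za-z][\w.-]*))?\.jar$")


def parse_version(jar_name):
    """Return (numeric tuple, qualifier or None) for a jackson-databind jar, else None."""
    m = JAR_RE.match(jar_name)
    if m is None:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)


def is_affected(jar_name):
    """True when the jar is jackson-databind 2.x with a version below 2.9.7."""
    parsed = parse_version(jar_name)
    if parsed is None:
        return False
    nums, _qualifier = parsed
    padded = (nums + (0, 0))[:3]  # "2.9" compares as 2.9.0; a 4th component is ignored
    return nums[0] == 2 and padded < FIXED


def scan(root):
    """Return sorted relative paths of affected jars found anywhere under root."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("jackson-databind-*.jar")
                  if p.is_file() and is_affected(p.name))


if __name__ == "__main__":
    # Constructed sample file names, not taken from a real installation.
    for name in ["jackson-databind-2.9.6.jar", "jackson-databind-2.8.11.2.jar",
                 "jackson-databind-2.9.0.pr1.jar", "jackson-databind-2.9.7.jar",
                 "jackson-databind-2.10.0.jar", "jackson-core-2.9.6.jar"]:
        print(f"{name}: {'AFFECTED' if is_affected(name) else 'ok'}")
```

File-name matching does not see copies repackaged inside WAR/EAR archives or shaded jars, and a vendor-patched build may keep an older version string, so treat each hit as a lead to verify against the vendor's patch level.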