Security Updates

• Reflected Cross-Site Scripting found in the “loginmessage” parameter.
  27-10-2020      affects versions : 14.2, 13.4, 12.6


• CMS login captcha can be bypassed by deleting cookies
  07-04-2020      affects versions : 14.0, 13.4, 12.6, 11.2


• Vulnerabilities reported for snakeyaml 1.18
  07-04-2020      affects versions : 14.0, 13.4, 12.6


• Vulnerability reported in spring-security-core-5.1.5.RELEASE.jar
  07-04-2020      affects versions : 14.0, 13.4


• Vulnerabilities reported in bundled jQuery library
  17-01-2020      affects versions : 13.4, 13.3, 12.5


• Vulnerabilities in Jackson Databind library -2.9.9.3
  15-01-2020      affects versions : 13.4, 13.3, 12.5, 11.2


• Open Redirection Allowed
  15-01-2020      affects versions : 13.4, 13.3, 12.5, 11.2


• A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10.
  15-01-2020      affects versions : 13.4, 13.3, 12.5, 11.2


• A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1
  15-01-2020      affects versions : 13.4, 13.3, 12.5, 11.2


• initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
  15-01-2020      affects versions : 13.4, 13.3, 12.5, 11.2


• Vulnerabilities reported for Apache CXF before 3.3.4 and 3.2.11
  15-01-2020      affects versions : 13.4, 13.3, 12.5, 11.2


• Vulnerability reported in Apache Commons Beanutils (CVE-2019-10086)
  01-11-2019      affects versions : 13.3, 13.2, 12.6, 11.2


• Vulnerabilities in Jackson Databind 2.9.9.1
  01-11-2019      affects versions : 13.3, 13.2, 12.6, 11.2


• Systemic Cross-Site Request Forgery (CSRF)
  01-11-2019      affects versions : 13.3, 13.2, 12.6, 11.2


• XML Injection vulnerability vulnerability in dom4j 1.1 (CVE-2018-1000632)
  01-11-2019      affects versions : 13.3, 13.2, 12.6, 11.2


• Multiple Vulnerabilities in Apache Tika
  01-11-2019      affects versions : 13.3, 13.2, 12.6, 11.2


• CVE-2019-3795 Spring Security insecure randomness vulnerability
  28-08-2019      affects versions : 12.6


• Vulnerabilities in Jackson Databind 2.9.9
  28-08-2019      affects versions : 13.3, 13.2, 12.6, 11.2


• Vulnerabilities in Jackson Databind 2.9.8
  02-08-2019      affects versions : 13.1, 13.0, 12.6, 11.2


• Open Redirector in spring-security-oauth2 (CVE-2019-11269)
  02-08-2019      affects versions : 13.2, 13.1, 12.6


• XXS Vulnerability in Segment Description Fields
  01-07-2019      affects versions : 13.1, 13.0, 12.6, 11.2


• CVE-2019-3795 Spring Security insecure randomness vulnerability
  01-07-2019      affects versions : 13.1, 13.0, 12.6


• CVE-2019-5427 XML configuration DoS vulnerability in c3p0
  01-07-2019      affects versions : 13.1, 13.0, 12.6, 11.2


• Vulnerabilities in Jackson Databind
  29-04-2019      affects versions : 13.0, 12.6, 11.2


• Vulnerability in Spring Framework
  29-04-2019      affects versions : 12.6, 11.2

• Previous
• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• Next