Oracle: >> Jd Edwards Enterpriseone Tools >> 9.1 Security Vulnerabilities
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
CVSS Score
7.3
EPSS Score
0.004
Published
2019-08-20
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
CVSS Score
6.5
EPSS Score
0.856
Published
2015-07-09
Page 10