The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.
Base Score: 7.5
Impact Score: 6.4
Exploitability Score: 10
Base Score: 9.8
Impact Score: 5.9
Exploitability Score: 3.9
|101900||Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (July 2017 CPU)||Nessus||CGI abuses|
|96777||Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)||Nessus||Misc.|
|93592||Oracle JDeveloper Multiple RCE (July 2016 CPU)||Nessus||Misc.|