Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Financial Services Analytical Applications Infrastructure Security Vulnerabilities - 2018

cve
cve

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

6.1CVSS

6.3AI Score

0.007EPSS

2018-01-18 11:29 PM
1823
5
cve
cve

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-...

9.8CVSS

9.2AI Score

0.493EPSS

2018-02-06 03:29 PM
192
4
cve
cve

CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

9.8CVSS

9.2AI Score

0.493EPSS

2018-02-06 03:29 PM
339
7
cve
cve

CVE-2018-15756

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller ...

7.5CVSS

7.1AI Score

0.004EPSS

2018-10-18 10:29 PM
143
4
cve
cve

CVE-2018-2660

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network ac...

7.4CVSS

6.8AI Score

0.001EPSS

2018-01-18 02:29 AM
28
cve
cve

CVE-2018-2661

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 7.3.5.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network a...

6.1CVSS

5.6AI Score

0.001EPSS

2018-01-18 02:29 AM
36
cve
cve

CVE-2018-8013

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

9.8CVSS

8.6AI Score

0.004EPSS

2018-05-24 04:29 PM
132
cve
cve

CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

6.1CVSS

5.8AI Score

0.004EPSS

2018-08-02 01:29 PM
181
2