Data Integrator Security Vulnerabilities and Issues — Data Integrator CVE List

Lucene search

OracleData Integrator

7 matches found

CVE•added 2020/12/10 11:15 p.m.•925 views

CVE-2020-8908

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory i...

3.3CVSS5.8AI score0.00067EPSS

CVE•added 2020/12/02 5:15 p.m.•789 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

5.3CVSS5.9AI score0.00505EPSS

CVE•added 2020/05/01 7:15 p.m.•455 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS9.2AI score0.02443EPSS

CVE•added 2020/04/27 4:15 p.m.•424 views

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

4.3CVSS6AI score0.00022EPSS

CVE•added 2020/05/14 4:15 p.m.•412 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tr...

6.3CVSS6.8AI score0.00021EPSS

CVE•added 2020/10/01 8:15 p.m.•278 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS6.9AI score0.00591EPSS

CVE•added 2020/12/27 5:15 a.m.•270 views

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

8.1CVSS7.7AI score0.39669EPSS

Web