Financial Services Analytical Applications Infrastructure Security Vulnerabilities and Issues — Financial Services Analytical Applications Infrastructure CVE List

Lucene search

OracleFinancial Services Analytical Applications Infrastructure

29 matches found

CVE•added 2020/04/29 10:15 p.m.•6941 views

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS7.2AI score0.02566EPSS

CVE•added 2020/03/02 4:15 a.m.•478 views

CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

9.8CVSS9.2AI score0.02327EPSS

CVE•added 2020/05/01 7:15 p.m.•449 views

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

9.8CVSS9.2AI score0.02443EPSS

CVE•added 2020/03/31 5:15 a.m.•427 views

CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8CVSS8.3AI score0.61746EPSS

CVE•added 2020/04/27 4:15 p.m.•410 views

CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

4.3CVSS6AI score0.00022EPSS

CVE•added 2020/05/14 4:15 p.m.•407 views

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tr...

6.3CVSS6.8AI score0.00021EPSS

CVE•added 2020/03/18 10:15 p.m.•388 views

CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

8.8CVSS8.3AI score0.4007EPSS

CVE•added 2020/03/26 1:15 p.m.•371 views

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

8.8CVSS8.3AI score0.06632EPSS

CVE•added 2020/03/26 1:15 p.m.•366 views

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8CVSS8.3AI score0.01478EPSS

CVE•added 2020/03/31 5:15 a.m.•366 views

CVE-2020-11111

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

8.8CVSS8.3AI score0.02196EPSS

CVE•added 2020/03/18 10:15 p.m.•353 views

CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

8.8CVSS8.3AI score0.20473EPSS

CVE•added 2020/03/31 5:15 a.m.•343 views

CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8CVSS8.3AI score0.11418EPSS

CVE•added 2020/10/01 8:15 p.m.•274 views

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effor...

7.5CVSS6.9AI score0.00591EPSS

CVE•added 2020/11/12 6:15 p.m.•260 views

CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

7.5CVSS8.2AI score0.00815EPSS

CVE•added 2020/09/19 4:15 a.m.•260 views

CVE-2020-5421

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

8.7CVSS7.2AI score0.59873EPSS

CVE•added 2020/11/12 9:15 p.m.•137 views

CVE-2020-27193

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

6.1CVSS5.9AI score0.00908EPSS

CVE•added 2020/01/14 3:15 p.m.•119 views

CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, the...

7.5CVSS7.3AI score0.03156EPSS

CVE•added 2020/07/15 6:15 p.m.•41 views

CVE-2020-14684

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac...

4.3CVSS3.8AI score0.00712EPSS

CVE•added 2020/07/15 6:15 p.m.•40 views

CVE-2020-14602

7.1CVSS6.5AI score0.00217EPSS

CVE•added 2020/01/15 5:15 p.m.•40 views

CVE-2020-2688

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network a...

7.1CVSS6.8AI score0.00475EPSS

CVE•added 2020/07/15 6:15 p.m.•39 views

CVE-2020-14604

5.3CVSS4.7AI score0.00771EPSS

CVE•added 2020/07/15 6:15 p.m.•38 views

CVE-2020-14601

6.1CVSS5.8AI score0.00852EPSS

CVE•added 2020/07/15 6:15 p.m.•38 views

CVE-2020-14605

6.5CVSS6.3AI score0.00244EPSS

CVE•added 2020/07/15 6:15 p.m.•38 views

CVE-2020-14685

6.5CVSS6.3AI score0.00244EPSS

CVE•added 2020/07/15 6:15 p.m.•37 views

CVE-2020-14662

6.5CVSS5.9AI score0.00266EPSS

CVE•added 2020/04/15 2:15 p.m.•34 views

CVE-2020-2793

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network a...

7.1CVSS6.3AI score0.0038EPSS

CVE•added 2020/07/15 6:15 p.m.•33 views

CVE-2020-14603

5.3CVSS4.7AI score0.00771EPSS

CVE•added 2020/07/15 6:15 p.m.•33 views

CVE-2020-14615

6.1CVSS5.8AI score0.00852EPSS

CVE•added 2020/10/21 3:15 p.m.•33 views

CVE-2020-14824

8.6CVSS8AI score0.01125EPSS