Financial Services Revenue Management And Billing Analytics Security Vulnerabilities and Issues — Financial Services Revenue Management And Billing Analytics CVE List

Lucene search

OracleFinancial Services Revenue Management And Billing Analytics

7 matches found

cve•added 2020/04/29 9:15 p.m.•6667 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3...

6.9CVSS7.2AI score0.21757EPSS

cve•added 2021/12/14 12:15 p.m.•1081 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

cve•added 2019/08/20 9:15 p.m.•821 views

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

7.5CVSS7.3AI score0.00317EPSS

cve•added 2022/01/18 4:15 p.m.•701 views

CVE-2022-23302

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configura...

8.8CVSS9.3AI score0.72202EPSS

cve•added 2022/01/18 4:15 p.m.•619 views

CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

9CVSS9.2AI score0.00752EPSS

cve•added 2022/01/18 4:15 p.m.•589 views

CVE-2022-23305

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings int...

9.8CVSS9.4AI score0.14404EPSS

cve•added 2019/10/16 6:15 p.m.•148 views

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS9.1AI score0.21041EPSS