Oracle

Insurance Rules Palette

34 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-36186

Exploit
  • EPSS 2.62%
  • Veröffentlicht 06.01.2021 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

8.1

CVE-2020-36187

Exploit
  • EPSS 2.41%
  • Veröffentlicht 06.01.2021 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1

CVE-2020-36188

Exploit
  • EPSS 8.16%
  • Veröffentlicht 06.01.2021 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1

CVE-2020-36181

Exploit
  • EPSS 7.39%
  • Veröffentlicht 06.01.2021 23:15:12
  • Zuletzt bearbeitet 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-35728

  • EPSS 39.67%
  • Veröffentlicht 27.12.2020 05:15:11
  • Zuletzt bearbeitet 27.08.2025 21:15:36

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.js...

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Veröffentlicht 03.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

6.5

CVE-2020-5421

  • EPSS 63.83%
  • Veröffentlicht 19.09.2020 04:15:11
  • Zuletzt bearbeitet 21.11.2024 05:34:08

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses...

9.8

CVE-2020-10683

  • EPSS 1.96%
  • Veröffentlicht 01.05.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

4.3

CVE-2020-9488

  • EPSS 0.01%
  • Veröffentlicht 27.04.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...

5.3

CVE-2020-5397

Exploit
  • EPSS 0.89%
  • Veröffentlicht 17.01.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:34:03

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vul...