Oracle

Banking Platform

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-17495

Exploit
  • EPSS 13.71%
  • Veröffentlicht 10.10.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:22

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. I...

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

9.8

CVE-2019-16942

  • EPSS 0.44%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-16335

  • EPSS 0.74%
  • Veröffentlicht 15.09.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:32

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

9.8

CVE-2019-14540

  • EPSS 7.08%
  • Veröffentlicht 15.09.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:55

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

7.5

CVE-2019-12402

  • EPSS 0.38%
  • Veröffentlicht 30.08.2019 09:15:17
  • Zuletzt bearbeitet 21.11.2024 04:22:45

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi...

7.5

CVE-2019-10086

  • EPSS 0.26%
  • Veröffentlicht 20.08.2019 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:22

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...

7.5

CVE-2019-14439

  • EPSS 9.41%
  • Veröffentlicht 30.07.2019 11:15:11
  • Zuletzt bearbeitet 21.11.2024 04:26:44

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...

9.8

CVE-2019-14379

  • EPSS 1.46%
  • Veröffentlicht 29.07.2019 12:15:16
  • Zuletzt bearbeitet 21.11.2024 04:26:37

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.

9.8

CVE-2019-10173

  • EPSS 91.87%
  • Veröffentlicht 23.07.2019 13:15:13
  • Zuletzt bearbeitet 14.05.2025 20:02:54

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall...