Oracle

Financial Services Analytical Applications Infrastructure

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2021-26291

Exploit
  • EPSS 45.48%
  • Published 23.04.2021 15:15:09
  • Last modified 21.11.2024 05:56:01

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves int...

5.8

CVE-2021-2140

  • EPSS 0.8%
  • Published 22.04.2021 22:15:12
  • Last modified 21.11.2024 06:02:27

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerabili...

5.8

CVE-2021-29425

Exploit
  • EPSS 0.48%
  • Published 13.04.2021 07:15:12
  • Last modified 21.11.2024 06:01:04

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...

6.5

CVE-2021-26272

  • EPSS 0.2%
  • Published 26.01.2021 21:15:12
  • Last modified 21.11.2024 05:56:00

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

6.5

CVE-2021-26271

  • EPSS 0.64%
  • Published 26.01.2021 21:15:12
  • Last modified 21.11.2024 05:56:00

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

6.1

CVE-2020-27193

  • EPSS 0.91%
  • Published 12.11.2020 21:15:11
  • Last modified 21.11.2024 05:20:50

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

7.5

CVE-2019-17566

  • EPSS 0.82%
  • Published 12.11.2020 18:15:12
  • Last modified 21.11.2024 04:32:32

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make ...

7.8

CVE-2020-14824

  • EPSS 1.13%
  • Published 21.10.2020 15:15:21
  • Last modified 21.11.2024 05:04:15

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerabilit...

7.5

CVE-2020-11979

  • EPSS 0.61%
  • Published 01.10.2020 20:15:13
  • Last modified 21.11.2024 04:59:02

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without ...

6.5

CVE-2020-5421

  • EPSS 63.83%
  • Published 19.09.2020 04:15:11
  • Last modified 21.11.2024 05:34:08

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses...