Oracle

Financial Services Analytical Applications Infrastructure

90 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-14601

  • EPSS 0.85%
  • Veröffentlicht 15.07.2020 18:15:25
  • Zuletzt bearbeitet 21.11.2024 05:03:39

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerabilit...

6.3

CVE-2020-1945

  • EPSS 0.04%
  • Veröffentlicht 14.05.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...

9.8

CVE-2020-10683

  • EPSS 6.96%
  • Veröffentlicht 01.05.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:55:50

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a...

6.1

CVE-2020-11022

Exploit
  • EPSS 2.39%
  • Veröffentlicht 29.04.2020 22:15:11
  • Zuletzt bearbeitet 13.04.2026 15:16:29

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in...

4.3

CVE-2020-9488

  • EPSS 0.03%
  • Veröffentlicht 27.04.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...

7.1

CVE-2020-2793

  • EPSS 0.32%
  • Veröffentlicht 15.04.2020 14:15:27
  • Zuletzt bearbeitet 21.11.2024 05:26:17

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerabil...

8.8

CVE-2020-11113

  • EPSS 60.71%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 29.04.2026 20:05:54

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8

CVE-2020-11112

  • EPSS 6.77%
  • Veröffentlicht 31.03.2020 05:15:13
  • Zuletzt bearbeitet 29.04.2026 18:58:57

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8

CVE-2020-10969

  • EPSS 1.04%
  • Veröffentlicht 26.03.2020 13:15:13
  • Zuletzt bearbeitet 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8

CVE-2020-10968

  • EPSS 3.82%
  • Veröffentlicht 26.03.2020 13:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:28

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).