Oracle

Financial Services Analytical Applications Infrastructure

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-9546

  • EPSS 2.33%
  • Published 02.03.2020 04:15:10
  • Last modified 21.11.2024 05:40:50

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

7.1

CVE-2020-2688

  • EPSS 0.48%
  • Published 15.01.2020 17:15:26
  • Last modified 21.11.2024 05:26:00

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerabil...

7.5

CVE-2019-12399

  • EPSS 3.16%
  • Published 14.01.2020 15:15:12
  • Last modified 21.11.2024 04:22:45

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

5.5

CVE-2019-12415

  • EPSS 0.02%
  • Published 23.10.2019 20:15:12
  • Last modified 21.11.2024 04:22:47

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E...

7.5

CVE-2019-17359

  • EPSS 7.63%
  • Published 08.10.2019 14:15:10
  • Last modified 12.05.2025 17:37:16

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

9.8

CVE-2019-14540

  • EPSS 7.08%
  • Published 15.09.2019 22:15:10
  • Last modified 21.11.2024 04:26:55

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

9.8

CVE-2019-16335

  • EPSS 0.74%
  • Published 15.09.2019 22:15:10
  • Last modified 21.11.2024 04:30:32

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

7.5

CVE-2019-14439

  • EPSS 9.41%
  • Published 30.07.2019 11:15:11
  • Last modified 21.11.2024 04:26:44

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...

9.8

CVE-2019-14379

  • EPSS 1.46%
  • Published 29.07.2019 12:15:16
  • Last modified 21.11.2024 04:26:37

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.