Oracle

Banking Digital Experience

31 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2021-28164

Exploit
  • EPSS 93.52%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:13

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF...

4

CVE-2021-28163

Exploit
  • EPSS 0.21%
  • Published 01.04.2021 15:15:14
  • Last modified 21.11.2024 05:59:12

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps thems...

8.2

CVE-2020-11987

  • EPSS 0.63%
  • Published 24.02.2021 18:15:11
  • Last modified 21.11.2024 04:59:03

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arb...

8.1

CVE-2020-14195

  • EPSS 9.51%
  • Published 16.06.2020 16:15:11
  • Last modified 21.11.2024 05:02:50

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

8.1

CVE-2020-14060

  • EPSS 8.72%
  • Published 14.06.2020 21:15:09
  • Last modified 21.11.2024 05:02:27

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

8.1

CVE-2020-14062

  • EPSS 7.71%
  • Published 14.06.2020 20:15:10
  • Last modified 21.11.2024 05:02:28

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).

8.1

CVE-2020-14061

  • EPSS 6.15%
  • Published 14.06.2020 20:15:10
  • Last modified 27.08.2025 21:15:35

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o...

6.1

CVE-2020-11022

Exploit
  • EPSS 22.55%
  • Published 29.04.2020 22:15:11
  • Last modified 21.11.2024 04:56:36

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...

8.8

CVE-2020-11113

  • EPSS 60.71%
  • Published 31.03.2020 05:15:13
  • Last modified 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8

CVE-2020-11112

  • EPSS 11.42%
  • Published 31.03.2020 05:15:13
  • Last modified 21.11.2024 04:56:49

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).