Oracle

Insurance Policy Administration

31 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2020-36185

Exploit
  • EPSS 2.32%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

8.1

CVE-2020-36184

Exploit
  • EPSS 5.95%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.1

CVE-2020-36181

Exploit
  • EPSS 7.39%
  • Published 06.01.2021 23:15:12
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-35728

  • EPSS 39.67%
  • Published 27.12.2020 05:15:11
  • Last modified 27.08.2025 21:15:36

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.js...

5.5

CVE-2020-17521

  • EPSS 0.36%
  • Published 07.12.2020 20:15:12
  • Last modified 21.11.2024 05:08:16

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operatin...

7.5

CVE-2020-25649

  • EPSS 0.01%
  • Published 03.12.2020 17:15:12
  • Last modified 21.11.2024 05:18:20

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

6.5

CVE-2020-5421

  • EPSS 63.83%
  • Published 19.09.2020 04:15:11
  • Last modified 21.11.2024 05:34:08

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

9.8

CVE-2019-17195

  • EPSS 11.34%
  • Published 15.10.2019 14:15:12
  • Last modified 21.11.2024 04:31:50

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

8.8

CVE-2018-1258

  • EPSS 0.16%
  • Published 11.05.2018 20:29:00
  • Last modified 21.11.2024 03:59:28

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...