Oracle Banking Digital Experience vulnerabilities

31 known vulnerabilities affecting oracle/banking_digital_experience.

Total CVEs
31
CISA KEV
0
Public exploits
4
Exploited in wild
2
Severity breakdown
CRITICAL3HIGH19MEDIUM8LOW1

Vulnerabilities

Page 2 of 2
CVE-2020-11112HIGHCVSS 8.8v18.1v18.2+4 more2020-03-31
CVE-2020-11112 [HIGH] CWE-502 CVE-2020-11112: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
nvd
CVE-2020-10969HIGHCVSS 8.8v18.1v18.2+4 more2020-03-26
CVE-2020-10969 [HIGH] CWE-502 CVE-2020-10969: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
nvd
CVE-2020-10968HIGHCVSS 8.8v18.1v18.2+4 more2020-03-26
CVE-2020-10968 [HIGH] CWE-502 CVE-2020-10968: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
nvd
CVE-2020-10673HIGHCVSS 8.8v18.1v18.2+4 more2020-03-18
CVE-2020-10673 [HIGH] CWE-502 CVE-2020-10673: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
nvd
CVE-2020-10672HIGHCVSS 8.8v18.1v18.2+4 more2020-03-18
CVE-2020-10672 [HIGH] CWE-502 CVE-2020-10672: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
nvd
CVE-2020-9546CRITICALCVSS 9.8v18.1v18.2+4 more2020-03-02
CVE-2020-9546 [CRITICAL] CWE-502 CVE-2020-9546: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
nvd
CVE-2020-9548CRITICALCVSS 9.8PoCv18.1v18.2+4 more2020-03-02
CVE-2020-9548 [CRITICAL] CWE-502 CVE-2020-9548: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
nvd
CVE-2019-10219MEDIUMCVSS 6.1v17.2v18.1+5 more2019-11-08
CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd
CVE-2019-3019MEDIUMCVSS 5.4v18.1v18.2+2 more2019-10-16
CVE-2019-3019 [MEDIUM] CVE-2019-3019: Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applicat Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator). Supported versions that are affected are 18.1, 18.2, 18.3 and 19.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attac
nvd
CVE-2019-17495CRITICALCVSS 9.8≥ 18.1, ≤ 18.3v19.1+3 more2019-10-10
CVE-2019-17495 [CRITICAL] CWE-352 CVE-2019-17495: A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote s
nvd
CVE-2019-11358MEDIUMCVSS 6.1ExploitedPoCv18.1v18.2+4 more2019-04-20
CVE-2019-11358 [MEDIUM] CWE-1321 CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(t jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
nvd
← Previous2 / 2