Oracle Financial Services Analytical Applications Infrastructure vulnerabilities
84 known vulnerabilities affecting oracle/financial_services_analytical_applications_infrastructure.
Total CVEs
84
CISA KEV
3
actively exploited
Public exploits
7
Exploited in wild
5
Severity breakdown
CRITICAL18HIGH28MEDIUM37LOW1
Vulnerabilities
Page 3 of 5
CVE-2020-14685MEDIUMCVSS 6.5≥ 8.0.6.0.0, ≤ 8.1.0.0.02020-07-15
CVE-2020-14685 [MEDIUM] CVE-2020-14685: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analyti
nvd
CVE-2020-14615MEDIUMCVSS 6.1≥ 8.0.6, ≤ 8.1.02020-07-15
CVE-2020-14615 [MEDIUM] CWE-79 CVE-2020-14615: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services
nvd
CVE-2020-14684MEDIUMCVSS 4.3≥ 8.0.6.0.0, ≤ 8.1.0.0.02020-07-15
CVE-2020-14684 [MEDIUM] CVE-2020-14684: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analyt
nvd
CVE-2020-14605MEDIUMCVSS 6.5≥ 8.0.6, ≤ 8.1.02020-07-15
CVE-2020-14605 [MEDIUM] CVE-2020-14605: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analyti
nvd
CVE-2020-14662MEDIUMCVSS 6.3≥ 8.0.6.0.0, ≤ 8.1.0.0.02020-07-15
CVE-2020-14662 [MEDIUM] CVE-2020-14662: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analyti
nvd
CVE-2020-1945MEDIUMCVSS 6.3≥ 8.0.6, ≤ 8.1.02020-05-14
CVE-2020-1945 [MEDIUM] CWE-668 CVE-2020-1945: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source file
nvd
CVE-2020-10683CRITICALCVSS 9.8≥ 8.0.6, ≤ 8.1.02020-05-01
CVE-2020-10683 [CRITICAL] CWE-611 CVE-2020-10683: dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, whi
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
nvd
CVE-2020-11022MEDIUMCVSS 6.1ExploitedPoC≥ 8.0.6.0.0, ≤ 8.1.0.0.0≥ 8.0.6, ≤ 8.1.02020-04-29
CVE-2020-11022 [MEDIUM] CWE-79 CVE-2020-11022: In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sa
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
nvd
CVE-2020-9488LOWCVSS 3.7≥ 8.0.6.0.0, ≤ 8.1.0.0.02020-04-27
CVE-2020-9488 [LOW] CWE-295 CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allo
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
nvd
CVE-2020-2793HIGHCVSS 7.1≥ 8.0.6.0.0, ≤ 8.0.9.0.02020-04-15
CVE-2020-2793 [HIGH] CVE-2020-2793: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytica
nvd
CVE-2020-11113HIGHCVSS 8.8≥ 8.0.6, ≤ 8.1.02020-03-31
CVE-2020-11113 [HIGH] CWE-502 CVE-2020-11113: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
nvd
CVE-2020-11112HIGHCVSS 8.8≥ 8.0.6, ≤ 8.1.02020-03-31
CVE-2020-11112 [HIGH] CWE-502 CVE-2020-11112: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
nvd
CVE-2020-10969HIGHCVSS 8.8≥ 8.0.6, ≤ 8.1.02020-03-26
CVE-2020-10969 [HIGH] CWE-502 CVE-2020-10969: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
nvd
CVE-2020-10968HIGHCVSS 8.8≥ 8.0.6, ≤ 8.1.02020-03-26
CVE-2020-10968 [HIGH] CWE-502 CVE-2020-10968: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
nvd
CVE-2020-10673HIGHCVSS 8.8≥ 8.0.6, ≤ 8.1.02020-03-18
CVE-2020-10673 [HIGH] CWE-502 CVE-2020-10673: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
nvd
CVE-2020-10672HIGHCVSS 8.8≥ 8.0.6, ≤ 8.1.02020-03-18
CVE-2020-10672 [HIGH] CWE-502 CVE-2020-10672: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
nvd
CVE-2020-9546CRITICALCVSS 9.8≥ 8.0.6, ≤ 8.1.02020-03-02
CVE-2020-9546 [CRITICAL] CWE-502 CVE-2020-9546: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
nvd
CVE-2020-2688HIGHCVSS 7.1≥ 8.0.4, ≤ 8.0.82020-01-15
CVE-2020-2688 [HIGH] CVE-2020-2688: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytica
nvd
CVE-2019-12399HIGHCVSS 7.5≥ 8.0.6, ≤ 8.1.02020-01-14
CVE-2019-12399 [HIGH] CWE-319 CVE-2019-12399: When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configur
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect c
nvd
CVE-2019-10219MEDIUMCVSS 6.1≥ 8.0.7, ≤ 8.1.1v7.3.32019-11-08
CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd