Oracle Financial Services Data Integration Hub vulnerabilities

6 known vulnerabilities affecting oracle/financial_services_data_integration_hub.

Total CVEs: 6
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 3
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2020-17530 | CRITICAL | CVSS 9.8 | KEV | PoC | v8.0.3 | v8.0.6 | 2020-12-11
CWE-917: Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
nvd
CVE-2019-0230 | CRITICAL | CVSS 9.8 | PoC | v8.0.3 | v8.0.6 | 2020-09-14
CWE-1321: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
nvd
CVE-2019-0233 | HIGH | CVSS 7.5 | v8.0.3 | v8.0.6 | 2020-09-14
CWE-281: An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
nvd
CVE-2020-11022 | MEDIUM | CVSS 6.1 | Exploited | PoC | v8.0.6 | v8.0.7 +1 more | 2020-04-29
CWE-79: In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
nvd
CVE-2019-11358 | MEDIUM | CVSS 6.1 | Exploited | PoC | ≥ 8.0.5, ≤ 8.0.7 | v8.1.0 | 2019-04-20
CWE-1321: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
nvd
CVE-2015-9251 | MEDIUM | CVSS 6.1 | ≥ 8.0.5, ≤ 8.0.7 | 2018-01-18
CWE-79: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
nvd