CPE Details
Oracle Financial Services Analytical Applications Infrastructure 7.3.5
7.3.5
2021-01-27
12h25 +00:00
12h25 +00:00
2021-01-27
12h25 +00:00
12h25 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.5:*:*:*:*:*:*:*
Informations
Vendor
oracleProduct
financial_services_analytical_applications_infrastructureVersion
7.3.5Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. | 7.5 |
High |
||
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | 6.1 |
Medium |
||
| Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
Medium |
||
| jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |
Medium |
||
| When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | 8.1 |
High |
2025©
tesweb SA
