Oracle Financial Services Analytical Applications Infrastructure 7.3.3.0.1

CPE Details

Oracle Financial Services Analytical Applications Infrastructure 7.3.3.0.1
oracle
financial_services_analytical_applications_infrastructure
7.3.3.0.1
2021-01-27
14h27 +00:00
2021-01-27
14h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3.0.1:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

financial_services_analytical_applications_infrastructure

Version

7.3.3.0.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-0227 2019-05-01
18h03 +00:00		 A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
7.5
High
CVE-2019-11358 2019-04-18
22h00 +00:00		 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6.1
Medium
CVE-2018-8032 2018-08-02
13h00 +00:00		 Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
6.1
Medium
CVE-2018-8013 2018-05-24
16h00 +00:00		 In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
9.8
Critical
CVE-2015-9251 2018-01-18
22h00 +00:00		 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
6.1
Medium
CVE-2017-12617 2017-10-03
15h00 +00:00		 When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
8.1
High
CVE-2017-5645 2017-04-17
19h00 +00:00		 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
9.8
Critical