CPE Details
Oracle Financial Services Analytical Applications Infrastructure 7.3.3
7.3.3
2021-01-27
12h25 +00:00
12h25 +00:00
2021-01-27
12h25 +00:00
12h25 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*
Informations
Vendor
oracleProduct
financial_services_analytical_applications_infrastructureVersion
7.3.3Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | 6.1 |
Medium |
||
| A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. | 7.5 |
High |
||
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | 6.1 |
Medium |
||
| Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
Medium |
||
| jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |
Medium |
2025©
tesweb SA
