Oracle Financial Services Institutional Performance Analytics 8.0.7

CPE Details

Oracle Financial Services Institutional Performance Analytics 8.0.7
oracle
financial_services_institutional_performance_analytics
8.0.7
2020-12-28
11h31 +00:00
2020-12-28
11h31 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

financial_services_institutional_performance_analytics

Version

8.0.7

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-11022 2020-04-28 22h00 +00:00 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
6.9
Moyen
CVE-2020-11112 2020-03-31 02h37 +00:00 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
8.8
Haute
CVE-2020-11113 2020-03-31 02h37 +00:00 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
8.8
Haute
CVE-2020-10968 2020-03-26 11h43 +00:00 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
8.8
Haute
CVE-2020-10969 2020-03-26 11h43 +00:00 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
8.8
Haute
CVE-2020-10672 2020-03-18 20h17 +00:00 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
8.8
Haute
CVE-2020-10673 2020-03-18 20h17 +00:00 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
8.8
Haute
CVE-2020-9546 2020-03-02 02h59 +00:00 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
9.8
Critique
CVE-2019-11358 2019-04-18 22h00 +00:00 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6.1
Moyen