Oracle Financial Services Market Risk Measurement and Management 8.0.6

CPE Details

Oracle Financial Services Market Risk Measurement and Management 8.0.6
oracle
financial_services_market_risk_measurement_and_management
8.0.6
2021-01-27
12h25 +00:00
2021-01-27
12h25 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

financial_services_market_risk_measurement_and_management

Version

8.0.6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-0233 2020-09-14 14h50 +00:00 An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
7.5
Haute
CVE-2019-0230 2020-09-14 14h41 +00:00 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
9.8
Critique
CVE-2020-11022 2020-04-28 22h00 +00:00 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
6.9
Moyen
CVE-2020-9488 2020-04-27 13h36 +00:00 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
3.7
Bas
CVE-2019-12415 2019-10-23 17h27 +00:00 In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
5.5
Moyen
CVE-2019-11358 2019-04-18 22h00 +00:00 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6.1
Moyen
CVE-2015-9251 2018-01-18 22h00 +00:00 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
6.1
Moyen
CVE-2017-15708 2017-12-11 15h00 +00:00 In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions in Synapse distribution makes this exploitable. To mitigate the issue, we need to limit RMI access to trusted users only. Further upgrading to 3.0.1 version will eliminate the risk of having said Commons Collection version. In Synapse 3.0.1, Commons Collection has been updated to 3.2.2 version.
9.8
Critique