Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oracle Subscribe
Filtered by product Banking Enterprise Originations
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13990 4 Apache, Netapp, Oracle and 1 more 30 Tomee, Active Iq Unified Manager, Cloud Secure Agent and 27 more 2023-03-03 7.5 HIGH 9.8 CRITICAL
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
CVE-2019-12415 2 Apache, Oracle 27 Poi, Application Testing Suite, Banking Enterprise Originations and 24 more 2022-04-08 2.1 LOW 5.5 MEDIUM
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
CVE-2019-2904 1 Oracle 22 Application Testing Suite, Banking Enterprise Collections, Banking Enterprise Originations and 19 more 2021-05-18 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).