Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Oracle Subscribe
Filtered by product Financial Services Data Integration Hub
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-0230 2 Apache, Oracle 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more 2022-12-02 7.5 HIGH 9.8 CRITICAL
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
CVE-2020-11022 8 Debian, Drupal, Fedoraproject and 5 more 78 Debian Linux, Drupal, Fedora and 75 more 2022-07-25 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-17530 2 Apache, Oracle 8 Struts, Business Intelligence, Communications Diameter Intelligence Hub and 5 more 2022-06-03 7.5 HIGH 9.8 CRITICAL
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVE-2019-0233 2 Apache, Oracle 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more 2022-04-18 5.0 MEDIUM 7.5 HIGH
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
CVE-2019-11358 10 Backdropcms, Debian, Drupal and 7 more 104 Backdrop, Debian Linux, Drupal and 101 more 2022-04-06 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251 2 Jquery, Oracle 47 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 44 more 2021-01-08 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.