Latest oracle financial services behavior detection platform Vulnerabilities

CVE-2023-21902
Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Application). The supported version that is affected is 8.0.8...
Oracle Financial Services Behavior Detection Platform=8.0.8.1
CVE-2022-22963
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
VMware Tanzu Spring Cloud
Vmware Spring Cloud Function<=3.1.6
Vmware Spring Cloud Function>=3.2.0<=3.2.2
Oracle Banking Branch=14.5
Oracle Banking Cash Management=14.5
Oracle Banking Corporate Lending Process Management=14.5
and 42 more
CVE-2022-22965
Spring Framework JDK 9+ Remote Code Execution Vulnerability
VMware Spring Framework
VMware Spring Framework<5.2.20
VMware Spring Framework>=5.3.0<5.3.18
Cisco CX Cloud Agent<2.1.0
Oracle Communications Cloud Native Core Automated Test Suite=1.9.0
Oracle Communications Cloud Native Core Automated Test Suite=22.1.0
and 84 more
CVE-2022-24729
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could e...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CVE-2022-24728
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CVE-2022-23437
Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote at...
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el8ea
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el7ea
IBM Sterling Secure Proxy<=6.0.3
redhat/xerces-j2<2.12.2
Apache Xerces-j<=2.12.1
Oracle Agile Engineering Data Management=6.2.1.0
and 56 more
CVE-2021-38153
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful...
maven/org.apache.kafka:kafka-clients=2.8.0
maven/org.apache.kafka:kafka-clients>=2.7.0<2.7.2
maven/org.apache.kafka:kafka-clients>=2.0.0<2.6.3
maven/org.apache.kafka:kafka_2.13=2.8.0
maven/org.apache.kafka:kafka_2.13>=2.7.0<2.7.2
maven/org.apache.kafka:kafka_2.13>=2.4.0<2.6.3
and 26 more
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2020-36518
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.
debian/jackson-databind<=2.9.8-3+deb10u3
redhat/jackson-databind<0:2.14.1-2.el9
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 88 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203