Latest oracle financial services market risk measurement and management Vulnerabilities

● CVE-2019-0230

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Apache Struts>=2.0.0<=2.5.20

Oracle Communications Policy Management=12.5.0

Oracle Financial Services Data Integration Hub=8.0.3

Oracle Financial Services Data Integration Hub=8.0.6

Oracle Financial Services Market Risk Measurement and Management=8.0.6

IBM Cognos Analytics<=8.0.23

● CVE-2019-0233

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Apache Struts>=2.0.0<=2.5.20

Oracle Communications Policy Management=12.5.0

Oracle Financial Services Data Integration Hub=8.0.3

Oracle Financial Services Data Integration Hub=8.0.6

Oracle Financial Services Market Risk Measurement and Management=8.0.6

IBM Cognos Analytics<=8.0.23

● CVE-2020-9488

Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a ma...

debian/apache-log4j2

redhat/qpid-cpp<0:1.36.0-31.el6_10a

redhat/qpid-proton<0:0.32.0-1.el6_10

redhat/qpid-cpp<0:1.36.0-31.el7a

redhat/qpid-proton<0:0.32.0-2.el7

redhat/nodejs-rhea<0:1.0.24-1.el8

and 110 more

● CVE-2020-11022

### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patch...

rubygems/jquery-rails<4.4.0

maven/org.webjars.npm:jquery>=1.2.0<3.5.0

nuget/jquery>=1.2.0<3.5.0

npm/jquery>=1.2.0<3.5.0

redhat/qpid-dispatch<0:1.13.0-3.el6_10

redhat/qpid-dispatch<0:1.13.0-3.el7

and 164 more

● CVE-2019-12415

Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by tool XSSFExportToXml. By sending a specially-crafted ...

redhat/poi<4.1.0

IBM Cloud Pak for Business Automation<=V22.0.2

IBM Cloud Pak for Business Automation<=V21.0.3 - V21.0.3-IF016

IBM Cloud Pak for Business Automation<=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes

Apache POI<=4.1.0

Oracle Application Testing Suite=12.5.0.3

and 63 more

● CVE-2019-11358

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted J...

redhat/ansible-tower<0:3.5.2-1.el7a

redhat/cfme<0:5.10.9.1-1.el7cf

redhat/cfme-amazon-smartstate<0:5.10.9.1-1.el7cf

redhat/cfme-appliance<0:5.10.9.1-1.el7cf

redhat/cfme-gemset<0:5.10.9.1-1.el7cf

redhat/ovirt-ansible-hosted-engine-setup<0:1.0.23-1.el7e

and 267 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.