Vulnerabilities > Oracle > Agile Product Lifecycle Management Integration Pack

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5
2019-11-08 CVE-2019-10219 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle CWE-79
6.1
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3