Vulnerabilities > Oracle > BI Publisher > 12.2.1.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-21 | CVE-2021-2401 | Information Exposure vulnerability in Oracle BI Publisher Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). | 5.0 |
| 2021-03-23 | CVE-2021-21346 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 9.8 |
| 2020-07-15 | CVE-2020-14585 | Cross-site Scripting vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). | 4.3 |
| 2020-07-15 | CVE-2020-14584 | Cross-site Scripting vulnerability in Oracle BI Publisher 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). | 4.3 |
| 2020-07-15 | CVE-2020-14571 | Injection vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). | 6.4 |
| 2020-07-15 | CVE-2020-14570 | Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). network oracle | 5.8 |
| 2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products A vulnerability was found in Hibernate-Validator. | 6.1 |
| 2019-10-16 | CVE-2019-2898 | Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: BI Publisher Security). | 4.0 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |