Vulnerabilities > Oracle > Business Intelligence > 5.5.0.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-19 | CVE-2022-21419 | Unspecified vulnerability in Oracle Business Intelligence 5.5.0.0.0/5.9.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). network oracle | 5.8 |
| 2022-04-19 | CVE-2022-21421 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 5.0 |
| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
| 2021-06-16 | CVE-2021-30468 | Infinite Loop vulnerability in multiple products A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. | 7.5 |
| 2021-04-22 | CVE-2021-2191 | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0/5.5.0.0.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). network oracle | 4.9 |
| 2021-04-22 | CVE-2021-2152 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 3.6 |
| 2021-04-02 | CVE-2021-22696 | Server-Side Request Forgery (SSRF) vulnerability in multiple products CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). | 7.5 |
| 2021-02-16 | CVE-2021-23841 | NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. | 5.9 |
| 2021-02-16 | CVE-2021-23840 | Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. | 7.5 |
| 2021-02-16 | CVE-2021-23839 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products OpenSSL 1.0.2 supports SSLv2. | 3.7 |