Vulnerabilities > Oracle > Business Intelligence
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-16 | CVE-2021-23839 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products OpenSSL 1.0.2 supports SSLv2. | 3.7 |
| 2020-12-11 | CVE-2020-17530 | Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 9.8 |
| 2020-12-08 | CVE-2020-1971 | NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. | 5.9 |
| 2020-11-12 | CVE-2019-17566 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. | 7.5 |
| 2020-11-12 | CVE-2020-13954 | Cross-site Scripting vulnerability in multiple products By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. | 6.1 |
| 2020-07-15 | CVE-2020-14690 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 8.2 |
| 2020-07-15 | CVE-2020-14626 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 8.1 |
| 2020-07-15 | CVE-2020-14609 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). | 8.6 |
| 2020-07-15 | CVE-2020-14548 | Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 3.4 |
| 2020-06-23 | CVE-2020-9480 | Missing Authentication for Critical Function vulnerability in multiple products In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. | 9.8 |