Vulnerabilities > Oracle > Business Intelligence > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-18 | CVE-2022-23305 | SQL Injection vulnerability in multiple products By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. | 9.8 |
2020-12-11 | CVE-2020-17530 | Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 9.8 |
2020-06-23 | CVE-2020-9480 | Missing Authentication for Critical Function vulnerability in multiple products In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. | 9.8 |
2020-04-15 | CVE-2020-2950 | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 9.8 |
2018-05-24 | CVE-2018-8013 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. | 9.8 |