Vulnerabilities > Oracle > Financial Services Analytical Applications Infrastructure > 8.0.9.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-27 | CVE-2021-22118 | Exposure of Resource to Wrong Sphere vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | 7.8 |
| 2021-04-23 | CVE-2021-26291 | Origin Validation Error vulnerability in multiple products Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. | 9.1 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2020-11-12 | CVE-2019-17566 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. | 7.5 |
| 2020-09-19 | CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 6.5 |
| 2020-07-15 | CVE-2020-14685 | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 6.5 |
| 2020-07-15 | CVE-2020-14684 | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 4.3 |
| 2020-07-15 | CVE-2020-14662 | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 6.3 |
| 2020-07-15 | CVE-2020-14615 | Cross-site Scripting vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 6.1 |
| 2020-07-15 | CVE-2020-14605 | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 6.5 |