Vulnerabilities > Oracle > Financial Services Analytical Applications Infrastructure > High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-30	CVE-2019-14439	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. network low complexity fasterxml debian fedoraproject apache redhat oracle CWE-502	7.5
2019-05-01	CVE-2019-0227	Server-Side Request Forgery (SSRF) vulnerability in multiple products A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. high complexity apache oracle CWE-918	7.5
2018-10-18	CVE-2018-15756	Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. network low complexity vmware oracle debian	7.5
2018-01-18	CVE-2018-2660	Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). network low complexity oracle	7.4
2017-10-04	CVE-2017-12617	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. network high complexity apache canonical oracle debian netapp redhat CWE-434	8.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.