Vulnerabilities > Oracle > Financial Services Analytical Applications Infrastructure > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2021-26272 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
2021-01-26 CVE-2021-26271 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
2020-11-12 CVE-2020-27193 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
network
low complexity
ckeditor oracle CWE-79
6.1
2020-09-19 CVE-2020-5421 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
network
high complexity
vmware oracle netapp
6.5
2020-07-15 CVE-2020-14685 Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).
network
low complexity
oracle
6.5
2020-07-15 CVE-2020-14684 Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).
network
low complexity
oracle
4.3
2020-07-15 CVE-2020-14662 Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).
network
low complexity
oracle
6.3
2020-07-15 CVE-2020-14615 Cross-site Scripting vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).
network
low complexity
oracle CWE-79
6.1
2020-07-15 CVE-2020-14605 Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).
network
low complexity
oracle
6.5
2020-07-15 CVE-2020-14604 Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).
network
low complexity
oracle
5.3