Vulnerabilities > Oracle > Financial Services Data Integration HUB > 8.0.3

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-11	CVE-2020-17530	Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. network low complexity apache oracle CWE-917 critical	9.8
2020-09-14	CVE-2019-0233	Improper Preservation of Permissions vulnerability in multiple products An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. network low complexity apache oracle CWE-281	7.5
2020-09-14	CVE-2019-0230	Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. network low complexity apache oracle critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.