Vulnerabilities > Oracle > Financial Services Profitability Management

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-11022 Cross-site Scripting vulnerability in multiple products
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
6.1
2020-04-15 CVE-2020-2940 Unspecified vulnerability in Oracle Financial Services Profitability Management 8.0.6/8.0.7
Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface).
network
low complexity
oracle
7.1
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-01-18 CVE-2015-9251 Cross-site Scripting vulnerability in multiple products
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
network
low complexity
jquery oracle CWE-79
6.1
2018-01-18 CVE-2018-2679 Unspecified vulnerability in Oracle Financial Services Profitability Management
Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface).
network
low complexity
oracle
8.1
2018-01-18 CVE-2018-2670 Unspecified vulnerability in Oracle Financial Services Profitability Management
Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface).
network
low complexity
oracle
6.1
2017-04-17 CVE-2017-5645 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
network
low complexity
apache netapp redhat oracle CWE-502
critical
9.8