Vulnerabilities > Oracle > Financial Services Revenue Management AND Billing Analytics > 2.7

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-29	CVE-2020-11023	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery debian fedoraproject drupal oracle netapp tenable CWE-79	6.1
2019-10-16	CVE-2019-2904	Unspecified vulnerability in Oracle products Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). network low complexity oracle critical	9.8
2019-08-20	CVE-2019-10086	Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. network low complexity apache debian opensuse fedoraproject redhat oracle CWE-502	7.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.