Vulnerabilities > Oracle > Hyperion Financial Reporting > 11.1.2.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-19 | CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. | 5.5 |
2021-03-19 | CVE-2021-27807 | Excessive Iteration vulnerability in multiple products: A carefully crafted PDF file can trigger an infinite loop while loading the file. | 5.5 |
2020-11-12 | CVE-2019-17566 | Server-Side Request Forgery (SSRF) vulnerability in multiple products: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. | 7.5 |
2020-04-29 | CVE-2020-11023 | Cross-site Scripting vulnerability in multiple products: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing `<option>` elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
2020-04-15 | CVE-2020-2769 | Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2.4: Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). | 2.4 |
2019-10-16 | CVE-2019-2959 | Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2.4: Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). | 4.2 |
2019-04-17 | CVE-2019-0228 | XXE vulnerability in multiple products: Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | 9.8 |
2016-07-21 | CVE-2016-3493 | Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2.4: Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Security Models. | 9.8 |