Vulnerabilities > Oracle > Insurance Policy Administration > 11.0.2

DATE CVE VULNERABILITY TITLE RISK
2021-02-24 CVE-2020-11987 Server-Side Request Forgery (SSRF) vulnerability in multiple products
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel.
network
low complexity
apache fedoraproject oracle debian CWE-918
8.2
8.2
2021-01-07 CVE-2020-36183 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2021-01-07 CVE-2020-36182 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2021-01-07 CVE-2020-36180 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
network
high complexity
netapp debian oracle fasterxml CWE-502
8.1
8.1
2021-01-07 CVE-2020-36179 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
network
high complexity
netapp debian oracle fasterxml CWE-502
8.1
8.1
2021-01-06 CVE-2020-36189 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2021-01-06 CVE-2020-36188 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2021-01-06 CVE-2020-36187 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2021-01-06 CVE-2020-36186 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1
2021-01-06 CVE-2020-36185 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
8.1