Vulnerabilities > Oracle > Service BUS

DATE CVE VULNERABILITY TITLE RISK
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3
2019-04-23 CVE-2019-2576 Unspecified vulnerability in Oracle Service BUS 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0
Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Container).
network
low complexity
oracle
5.0
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-01-18 CVE-2015-9251 Cross-site Scripting vulnerability in multiple products
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
network
low complexity
jquery oracle CWE-79
6.1
2017-08-08 CVE-2017-10119 Unspecified vulnerability in Oracle Service BUS 11.1.1.9.0
Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: OSB Web Console Design, Admin).
network
oracle
4.9
2017-04-24 CVE-2017-3507 Remote Security vulnerability in Oracle Service Bus
Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design).
network
low complexity
oracle
7.5