This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2017-04-17
Product Financial Services Profitability Management Last view 2020-04-29
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.2.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.3.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.4.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.5.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.1.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:6.1.0.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.0.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:6.1.0.2.2:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:* 5
cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:* 4
cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1:*:*:*:*:*:*:* 3
cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
6.1 2020-04-29 CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

7.1 2020-04-15 CVE-2020-2940

Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).

6.1 2019-04-19 CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

6.1 2018-01-18 CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

8.1 2018-01-17 CVE-2018-2679

Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Profitability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

6.1 2018-01-17 CVE-2018-2670

Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

9.8 2017-04-17 CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-502 Deserialization of Untrusted Data
50% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Nessus® Vulnerability Scanner

id Description
2018-08-08 Name: A web application running on the remote host is affected by multiple vulnerab...
File: mysql_enterprise_monitor_3_4_8.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10838.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote web server is affected by a cross site scripting vulnerability.
File: jquery_2_2_0.nasl - Type: ACT_GATHER_INFO
2017-12-13 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2017-3399.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2809.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2808.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2811.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1214.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1213.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2636.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2638.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2637.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2635.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO
2017-08-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170807_log4j_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-08-10 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO
2017-08-10 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-2423.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b8358cda24.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-11edc0d6c3.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8348115acd.nasl - Type: ACT_GATHER_INFO
2017-06-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7e0ff7f73a.nasl - Type: ACT_GATHER_INFO
2017-05-05 Name: The remote Fedora host is missing a security update.
File: fedora_2017-2ccfbd650a.nasl - Type: ACT_GATHER_INFO
2017-05-03 Name: The remote Fedora host is missing a security update.
File: fedora_2017-511ebfa8a3.nasl - Type: ACT_GATHER_INFO