Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2017-04-17 |
| Product | Financial Services Profitability Management | Last view | 2020-04-29 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.1 | 2020-04-29 | CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
| 7.1 | 2020-04-15 | CVE-2020-2940 | Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N). |
| 6.1 | 2019-04-19 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. |
| 6.1 | 2018-01-18 | CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. |
| 8.1 | 2018-01-17 | CVE-2018-2679 | Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Profitability Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). |
| 6.1 | 2018-01-17 | CVE-2018-2670 | Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). |
| 9.8 | 2017-04-17 | CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-502 | Deserialization of Untrusted Data |
| 50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-08-08 | Name: A web application running on the remote host is affected by multiple vulnerab... File: mysql_enterprise_monitor_3_4_8.nasl - Type: ACT_GATHER_INFO |
| 2018-03-21 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa_10838.nasl - Type: ACT_GATHER_INFO |
| 2018-02-07 | Name: The remote web server is affected by a cross site scripting vulnerability. File: jquery_2_2_0.nasl - Type: ACT_GATHER_INFO |
| 2017-12-13 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2017-3399.nasl - Type: ACT_GATHER_INFO |
| 2017-09-28 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2809.nasl - Type: ACT_GATHER_INFO |
| 2017-09-28 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2808.nasl - Type: ACT_GATHER_INFO |
| 2017-09-27 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2811.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1214.nasl - Type: ACT_GATHER_INFO |
| 2017-09-11 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1213.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2636.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2638.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2637.nasl - Type: ACT_GATHER_INFO |
| 2017-09-08 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2635.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO |
| 2017-08-22 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170807_log4j_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
| 2017-08-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-2423.nasl - Type: ACT_GATHER_INFO |
| 2017-08-10 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-2423.nasl - Type: ACT_GATHER_INFO |
| 2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-b8358cda24.nasl - Type: ACT_GATHER_INFO |
| 2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-11edc0d6c3.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-8348115acd.nasl - Type: ACT_GATHER_INFO |
| 2017-06-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-7e0ff7f73a.nasl - Type: ACT_GATHER_INFO |
| 2017-05-05 | Name: The remote Fedora host is missing a security update. File: fedora_2017-2ccfbd650a.nasl - Type: ACT_GATHER_INFO |
| 2017-05-03 | Name: The remote Fedora host is missing a security update. File: fedora_2017-511ebfa8a3.nasl - Type: ACT_GATHER_INFO |
