This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Detail
Vendor: Oracle
Product: Financial Services Analytical Applications Infrastructure
Version: 8.0.6.0.0
Type: Application
First view: 2017-04-17
Last view: 2021-04-22
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Score Date Alert Description
6.1 2021-04-22 CVE-2021-2140

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

8.6 2020-10-21 CVE-2020-14824

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

7.5 2020-10-01 CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

6.5 2020-07-15 CVE-2020-14685

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

4.3 2020-07-15 CVE-2020-14684

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

6.3 2020-07-15 CVE-2020-14662

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

6.1 2020-07-15 CVE-2020-14615

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

6.5 2020-07-15 CVE-2020-14605

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).

5.3 2020-07-15 CVE-2020-14604

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

5.3 2020-07-15 CVE-2020-14603

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

7.1 2020-07-15 CVE-2020-14602

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).

6.1 2020-07-15 CVE-2020-14601

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

6.1 2020-04-29 CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

3.7 2020-04-27 CVE-2020-9488

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

7.1 2020-04-15 CVE-2020-2793

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).

8.8 2020-03-31 CVE-2020-11113

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

8.8 2020-03-31 CVE-2020-11112

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

8.8 2020-03-26 CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.

8.8 2020-03-26 CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).

8.8 2020-03-18 CVE-2020-10673

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).

8.8 2020-03-18 CVE-2020-10672

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).

9.8 2020-03-02 CVE-2020-9546

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).

7.1 2020-01-15 CVE-2020-2688

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).

7.5 2020-01-14 CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.

9.8 2019-09-15 CVE-2019-16335

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

CWE : Common Weakness Enumeration

% id Name
47% (9) CWE-502 Deserialization of Untrusted Data
31% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
5% (1) CWE-319 Cleartext Transmission of Sensitive Information
5% (1) CWE-295 Certificate Issues
5% (1) CWE-184 Incomplete Blacklist

Snort® IPS/IDS

Date Description
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45016 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45015 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45014 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45013 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45012 - Type : FILE-OTHER - Revision : 4
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45011 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45010 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45009 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45008 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45007 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45006 - Type : FILE-OTHER - Revision : 4
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45005 - Type : FILE-OTHER - Revision : 4
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45004 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45003 - Type : FILE-OTHER - Revision : 3
2017-12-29 Jackson databind deserialization remote code execution attempt
RuleID : 45002 - Type : FILE-OTHER - Revision : 3

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-168af81706.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_93f8e0fff33d11e8be460019dbb15b3f.nasl - Type: ACT_GATHER_INFO
2018-08-24 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8a85ed2f10.nasl - Type: ACT_GATHER_INFO
2018-08-08 Name: A web application running on the remote host is affected by multiple vulnerab...
File: mysql_enterprise_monitor_3_4_8.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Fedora host is missing a security update.
File: fedora_2018-79792e0c64.nasl - Type: ACT_GATHER_INFO
2018-06-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4215.nasl - Type: ACT_GATHER_INFO
2018-05-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1385.nasl - Type: ACT_GATHER_INFO
2018-05-04 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4190.nasl - Type: ACT_GATHER_INFO
2018-03-21 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10838.nasl - Type: ACT_GATHER_INFO
2018-02-07 Name: The remote web server is affected by a cross site scripting vulnerability.
File: jquery_2_2_0.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3455.nasl - Type: ACT_GATHER_INFO
2017-12-15 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3454.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3458.nasl - Type: ACT_GATHER_INFO
2017-12-13 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2017-3399.nasl - Type: ACT_GATHER_INFO
2017-12-04 Name: A web application running on the remote host uses a Java framework that is af...
File: struts_2_5_14_1.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4037.nasl - Type: ACT_GATHER_INFO
2017-11-14 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-3189.nasl - Type: ACT_GATHER_INFO
2017-11-10 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2017-3141.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4004.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2809.nasl - Type: ACT_GATHER_INFO
2017-09-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2808.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2811.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1214.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1213.nasl - Type: ACT_GATHER_INFO
2017-09-08 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-2638.nasl - Type: ACT_GATHER_INFO