Oracle Financial Services Data Integration Hub
By the Year
In 2024 there have been 0 vulnerabilities in Oracle Financial Services Data Integration Hub . Financial Services Data Integration Hub did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 4 | 8.30 |
2019 | 1 | 6.10 |
2018 | 1 | 6.10 |
It may take a day or so for new Financial Services Data Integration Hub vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Financial Services Data Integration Hub Security Vulnerabilities
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution
CVE-2020-17530
9.8 - Critical
- December 11, 2020
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
EL Injection
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
CVE-2019-0233
7.5 - High
- September 14, 2020
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Improper Preservation of Permissions
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation
CVE-2019-0230
9.8 - Critical
- September 14, 2020
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Prototype Pollution
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML
CVE-2020-11022
6.1 - Medium
- April 29, 2020
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
XSS
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML
CVE-2020-11022
6.1 - Medium
- April 29, 2020
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
XSS
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML
CVE-2020-11022
6.1 - Medium
- April 29, 2020
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
XSS
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {},
CVE-2019-11358
6.1 - Medium
- April 20, 2019
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Prototype Pollution
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option
CVE-2015-9251
6.1 - Medium
- January 18, 2018
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Weblogic Server or by Oracle? Click the Watch button to subscribe.