Financial Services Lending Leasing Oracle Financial Services Lending Leasing

Do you want an email whenever new security vulnerabilities are reported in Oracle Financial Services Lending Leasing?

By the Year

In 2024 there have been 0 vulnerabilities in Oracle Financial Services Lending Leasing . Financial Services Lending Leasing did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 2 9.80
2018 0 0.00

It may take a day or so for new Financial Services Lending Leasing vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Financial Services Lending Leasing Security Vulnerabilities

Included in Log4j 1.2 is a SocketServer class

CVE-2019-17571 9.8 - Critical - December 20, 2019

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

Marshaling, Unmarshaling

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces)

CVE-2019-2904 9.8 - Critical - October 16, 2019

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent

CVE-2017-5645 9.8 - Critical - April 17, 2017

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Netty or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe