Banking Digital Experience

banking_digital_experience

Vendor: Oracle • 31 CVEs

CVEs (31)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-11111 4Debian FasterxmlNetapp+1 more 25Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+22 more Nov 21, 2024 Mar 31, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)...Show more FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).Show less
CVE-2020-10969 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 26, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVE-2020-10968 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 26, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVE-2020-10673 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVE-2020-10672 4Debian FasterxmlNetapp+1 more 31Agile Plm Autovue For Agile Product Lifecycle ManagementBanking Digital Experience+28 more Nov 21, 2024 Mar 18, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jm...Show more FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).Show less
CVE-2020-9548 4Debian FasterxmlNetapp+1 more 25Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+22 more Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CVE-2020-9546 4Debian FasterxmlNetapp+1 more 31Active Iq Unified Manager Agile PlmAutovue For Agile Product Lifecycle Management+28 more Apr 29, 2026 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CVE-2019-10219 3Netapp OracleRedhat 188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 more Jul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less
CVE-2019-3019 1Oracle 1Banking Digital Experience Nov 21, 2024 Oct 16, 2019 N/A· v4 5.4 MEDIUM· v3 4.9 MEDIUM· v2 Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator). Supported versions that are affected are 18.1, 18.2, 18.3 and 19.1. Easily exploitabl...Show more Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator). Supported versions that are affected are 18.1, 18.2, 18.3 and 19.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Digital Experience. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Digital Experience, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Digital Experience accessible data as well as unauthorized read access to a subset of Oracle Banking Digital Experience accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).Show less
CVE-2019-17495 2Oracle Smartbear 6Banking Apis Banking Digital ExperienceBanking Platform+3 more Nov 21, 2024 Oct 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltr...Show more A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.Show less
CVE-2019-11358 11Backdropcms DebianDrupal+8 more 105Agile Product Lifecycle Management For Process Application ExpressApplication Service Level Management+102 more Nov 21, 2024 Apr 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ p...Show more jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.Show less

Previous 12