Insurance Policy Administration

insurance_policy_administration

Vendor: Oracle • 31 CVEs

CVEs (31)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-36185 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-36184 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36181 4Debian FasterxmlNetapp+1 more 44Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+41 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-35728 4Debian FasterxmlNetapp+1 more 40Agile Plm Application Testing SuiteAutovue+37 more Apr 29, 2026 Dec 27, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org....Show more FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).Show less
CVE-2020-17521 3Apache NetappOracle 21Agile Engineering Data Management Agile PlmAgile Plm Mcad Connector+18 more Nov 21, 2024 Dec 7, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potential...Show more Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.Show less
CVE-2020-25649 6Apache FasterxmlFedoraproject+3 more 39Agile Plm Agile Product Lifecycle Management Integration PackBanking Apis+36 more Nov 21, 2024 Dec 3, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is...Show more A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.Show less
CVE-2020-5421 3Netapp OracleVmware 38Commerce Guided Search Communications BrmCommunications Design Studio+35 more Nov 21, 2024 Sep 19, 2020 N/A· v4 6.5 MEDIUM· v3 3.6 LOW· v2 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser...Show more In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.Show less
CVE-2019-10219 3Netapp OracleRedhat 188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 more Jul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less
CVE-2019-17195 3Apache Connect2idOracle 15Communications Cloud Native Core Security Edge Protection Proxy Communications Pricing Design CenterData Integrator+12 more Nov 21, 2024 Oct 15, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2018-1258 5Netapp OraclePivotal Software+2 more 42Agile Plm Application Testing SuiteBig Data Discovery+39 more Nov 21, 2024 May 11, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to met...Show more Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.Show less
CVE-2017-5645 4Apache NetappOracle+1 more 79Api Gateway Application Testing SuiteAutovue Vuelink Integration+76 more May 13, 2026 Apr 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, c...Show more In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.Show less

Previous 12