Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

oracle banking digital experience 19.1 vulnerabilities and exploits

(subscribe to this query)

5.4
CVSSv3
CVE-2019-3019
Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculator). Supported versions that are affected are 18.1, 18.2, 18.3 and 19.1. Easily exploitable vulnerability allows low privileged attacker with network...
Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 18.1Oracle Banking Digital Experience 18.2
9.8
CVSSv3
CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product...
Smartbear Swagger UiOracle Utilities Framework 4.3.0.6.0Oracle Utilities Framework 4.4.0.0.0Oracle Banking Digital Experience 19.1Oracle Utilities Framework 4.4.0.2.0Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Primavera GatewayOracle Banking PlatformOracle Banking Digital Experience 21.1Oracle Banking ApisOracle Banking Apis 19.1Oracle Banking Apis 19.2Oracle Banking Apis 20.1Oracle Banking Apis 21.1Oracle Banking Digital Experience
5.4
CVSSv3
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization,...
Ckeditor CkeditorDrupal DrupalOracle Banking Digital Experience 19.1Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Banking Digital Experience 21.1Oracle Banking ApisOracle Banking Apis 19.1Oracle Banking Apis 19.2Oracle Banking Apis 20.1Oracle Banking Apis 21.1Oracle Banking Digital ExperienceOracle Webcenter Portal 12.2.1.3.0Oracle Agile Plm 9.3.6Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Webcenter Portal 12.2.1.4.0Oracle Commerce Guided Search 11.3.2Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Application ExpressFedoraproject Fedora 36Fedoraproject Fedora 37
5.4
CVSSv3
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization,...
Ckeditor CkeditorDrupal DrupalOracle Webcenter Portal 12.2.1.3.0Oracle Agile Product Lifecycle Management 9.3.6Oracle Banking Digital Experience 19.1Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Webcenter Portal 12.2.1.4.0Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Commerce Guided Search 11.3.2Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Banking Digital Experience 21.1Oracle Banking ApisOracle Banking Apis 19.1Oracle Banking Apis 19.2Oracle Banking Apis 20.1Oracle Banking Apis 21.1Oracle Banking Digital ExperienceOracle Application Express
7.5
CVSSv3
CVE-2021-37137
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can...
Netty NettyOracle Webcenter Portal 12.2.1.3.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 18.1Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Webcenter Portal 12.2.1.4.0Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Commerce Guided Search 11.3.2Oracle Peoplesoft Enterprise Peopletools 8.59Oracle Banking Digital Experience 21.1Oracle Banking ApisOracle Banking Apis 19.1Oracle Banking Apis 19.2Oracle Banking Apis 20.1Oracle Banking Apis 21.1Oracle Communications Cloud Native Core Binding Support Function 1.10.0Oracle Communications Diameter Signaling RouterOracle Communications Brm - Elastic Charging Engine 12.0.0.5.0Oracle Communications Brm - Elastic Charging EngineQuarkus QuarkusNetapp Oncommand Insight -Debian Debian Linux 10.0Debian Debian Linux 11.0
8.1
CVSSv3
CVE-2020-14060
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)....
Fasterxml Jackson-databindNetapp Active Iq Unified ManagerNetapp Steelstore Cloud Integrated Storage -Oracle Agile Plm 9.3.6Oracle Banking Digital Experience 18.1Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Communications Calendar Server 8.0.0.4.0Oracle Communications Contacts Server 8.0.0.5.0Oracle Communications Diameter Signaling RouterOracle Communications Element ManagerOracle Communications Evolved Communications Application Server 7.1Oracle Communications Session Report ManagerOracle Communications Session Route Manager
8.1
CVSSv3
CVE-2020-14062
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)....
Fasterxml Jackson-databindNetapp Active Iq Unified ManagerNetapp Steelstore Cloud Integrated Storage -Debian Debian Linux 8.0Oracle Agile Plm 9.3.6Oracle Banking Digital Experience 18.1Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Communications Calendar Server 8.0.0.4.0Oracle Communications Contacts Server 8.0.0.5.0Oracle Communications Diameter Signaling RouterOracle Communications Element ManagerOracle Communications Evolved Communications Application Server 7.1Oracle Communications Session Report ManagerOracle Communications Session Route Manager
8.1
CVSSv3
CVE-2020-14195
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)....
Fasterxml Jackson-databindNetapp Active Iq Unified ManagerNetapp Steelstore Cloud Integrated Storage -Debian Debian Linux 8.0Oracle Agile Plm 9.3.6Oracle Banking Digital Experience 18.1Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Communications Calendar Server 8.0.0.4.0Oracle Communications Contacts Server 8.0.0.5.0Oracle Communications Diameter Signaling RouterOracle Communications Element ManagerOracle Communications Evolved Communications Application Server 7.1Oracle Communications Instant Messaging Server 10.0.1.4.0Oracle Communications Session Report ManagerOracle Communications Session Route Manager
8.1
CVSSv3
CVE-2020-14061
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory,...
Fasterxml Jackson-databindNetapp Active Iq Unified ManagerNetapp Steelstore Cloud Integrated Storage -Debian Debian Linux 8.0Oracle Agile Plm 9.3.6Oracle Autovue For Agile Product Lifecycle Management 21.0.2Oracle Banking Digital Experience 18.1Oracle Banking Digital Experience 18.2Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Communications Calendar Server 8.0.0.4.0Oracle Communications Contacts Server 8.0.0.5.0Oracle Communications Diameter Signaling RouterOracle Communications Element ManagerOracle Communications Evolved Communications Application Server 7.1Oracle Communications Instant Messaging Server 10.0.1.4.0Oracle Communications Session Report ManagerOracle Communications Session Route Manager
8.2
CVSSv3
CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests....
Apache BatikFedoraproject Fedora 33Fedoraproject Fedora 34Oracle Enterprise Repository 11.1.1.7.0Oracle Retail Back Office 14.1Oracle Retail Order Broker 15.0Oracle Retail Order Broker 16.0Oracle Retail Returns Management 14.1Oracle Retail Central Office 14.1Oracle Retail Point-of-service 14.1Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Communications Metasolv Solution 6.3.0Oracle Banking Digital Experience 18.3Oracle Banking Digital Experience 19.1Oracle Fusion Middleware Mapviewer 12.2.1.4.0Oracle Banking Digital Experience 19.2Oracle Banking Digital Experience 20.1Oracle Communications Offline Mediation Controller 12.0.0.3.0Oracle Communications Metasolv Solution 6.3.1Oracle Communications Application Session Controller 3.9m0p3Oracle Insurance Policy AdministrationOracle Retail Order Management System Cloud Service 19.5Oracle Flexcube Universal BankingOracle Banking Digital Experience 21.1Oracle Banking Apis 19.1Oracle Banking Apis 19.2Oracle Banking Apis 20.1Oracle Banking Apis 21.1Oracle Banking Apis 18.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
insecure direct object referenceCVE-2023-30736CVE-2023-39647CVE-2023-42793injectCVE-2023-20101CVE-2023-4497XXECVE-2023-5217
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook