Skip to main content

Financial Services Market Risk Measurement And Management

8 CVEs product

Monthly

CVE-2020-11022 LIB MEDIUM POC PATCH This Month

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Jquery Drupal Debian Linux Fedora +66
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.9
EPSS
2.1%
CVE-2020-9488 Maven LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J Communications Application Session Controller Communications Billing And Revenue Management +43
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2019-12415 Maven MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache Poi Application Testing Suite +25
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-11358 LIB MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
CVE-2018-2727 HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Market Risk Measurement And Management
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-2716 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Market Risk Measurement And Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-15708 Maven CRITICAL PATCH Act Now

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.9%.

RCE Java Apache Synapse Financial Services Market Risk Measurement And Management +1
NVD
CVSS 3.1
9.8
EPSS
19.9%
CVE-2017-15707 Maven MEDIUM PATCH This Month

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Struts Oncommand Balance Agile Plm Framework +9
NVD
CVSS 3.0
6.2
EPSS
1.5%
EPSS 2% CVSS 6.9
MEDIUM POC PATCH This Month

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

XSS Jquery Drupal +68
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apache Log4J +45
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Microsoft Apache +27
NVD
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery +104
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Financial Services Market Risk Measurement And Management
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Market Risk Measurement And Management
NVD
EPSS 20% CVSS 9.8
CRITICAL PATCH Act Now

In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.9%.

RCE Java Apache +3
NVD
EPSS 2% CVSS 6.2
MEDIUM PATCH This Month

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Struts +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy