Home/Product/oracle banking digital experience
Product

oracle banking digital experience

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-41165
>= 18.1 and <= 18.3
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processi
8.2HIGH
 CVE-2021-41164
>= 18.1 and <= 18.3
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content
8.2HIGH
 CVE-2021-37137
all versions
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also
7.5HIGH
 CVE-2021-37136
all versions
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th
7.5HIGH
 CVE-2021-2351
>= 18.1 and <= 18.3
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3HIGH
 CVE-2021-36090
>= 18.1 and <= 18.3
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5HIGH
 CVE-2021-35517
>= 18.1 and <= 18.3
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5HIGH
 CVE-2021-35516
>= 18.1 and <= 18.3
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out
7.5HIGH
 CVE-2021-35515
>= 18.1 and <= 18.3
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi
7.5HIGH
 CVE-2021-29425
all versions
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8MEDIUM
 CVE-2021-28164
all versions
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %
5.3MEDIUM
 CVE-2021-28163
all versions
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is
2.7LOW
 CVE-2020-11987
all versions
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By usi
8.2HIGH
 CVE-2020-14195
all versions
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org
8.1HIGH
 CVE-2020-14060
all versions
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oad
8.1HIGH
 CVE-2020-14062
all versions
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com
8.1HIGH
 CVE-2020-14061
all versions
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to ora
8.1HIGH
 CVE-2020-11022
>= 18.1 and <= 20.1
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery
6.9MEDIUM
 CVE-2020-11113
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-11112
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-11111
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-10969
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to jav
8.8HIGH
 CVE-2020-10968
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-10673
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
8.8HIGH
 CVE-2020-10672
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
 CVE-2020-9548
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.
9.8CRITICAL
 CVE-2020-9546
all versions
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
9.8CRITICAL
 CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1MEDIUM
 CVE-2019-3019
all versions
Vulnerability in the Oracle Banking Digital Experience product of Oracle Financial Services Applications (component: Loan Calculat
5.4MEDIUM
 CVE-2019-17495
>= 18.1 and <= 18.3
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Over
9.8CRITICAL
 CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin