
CVE-2020-2535
https://notcve.org/view.php?id=CVE-2020-2535
15 Jan 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enter... • https://www.oracle.com/security-alerts/cpujan2020.html •

CVE-2020-2537
https://notcve.org/view.php?id=CVE-2020-2537
15 Jan 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Ente... • https://www.oracle.com/security-alerts/cpujan2020.html •

CVE-2019-14862 – knockout: Cross-site Scripting (XSS) attacks due to not escaping the name attribute.
https://notcve.org/view.php?id=CVE-2019-14862
03 Dec 2019 — There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. Red Hat Decision Manager is an o... • https://github.com/ossf-cve-benchmark/CVE-2019-14862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-3012
https://notcve.org/view.php?id=CVE-2019-3012
16 Oct 2019 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •

CVE-2019-2905
https://notcve.org/view.php?id=CVE-2019-2905
16 Oct 2019 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •

CVE-2019-2906
https://notcve.org/view.php?id=CVE-2019-2906
16 Oct 2019 — Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher (formerly XML Publisher), attac... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •

CVE-2019-2897
https://notcve.org/view.php?id=CVE-2019-2897
16 Oct 2019 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •

CVE-2019-2900
https://notcve.org/view.php?id=CVE-2019-2900
16 Oct 2019 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Ent... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •

CVE-2019-2742
https://notcve.org/view.php?id=CVE-2019-2742
23 Jul 2019 — Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of O... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •