CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2062
https://notcve.org/view.php?id=CVE-2021-2062
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products.... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2049
https://notcve.org/view.php?id=CVE-2021-2049
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized update, i... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2050
https://notcve.org/view.php?id=CVE-2021-2050
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized u... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2051
https://notcve.org/view.php?id=CVE-2021-2051
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized u... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-2013
https://notcve.org/view.php?id=CVE-2021-2013
20 Jan 2021 — Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data as well as unauthorized up... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14879
https://notcve.org/view.php?id=CVE-2020-14879
21 Oct 2020 — Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or ... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14880
https://notcve.org/view.php?id=CVE-2020-14880
21 Oct 2020 — Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. While the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or ... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 8.2EPSS: 2%CPEs: 4EXPL: 0CVE-2020-14842
https://notcve.org/view.php?id=CVE-2020-14842
21 Oct 2020 — Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successf... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 7.1EPSS: 2%CPEs: 4EXPL: 0CVE-2020-14780
https://notcve.org/view.php?id=CVE-2020-14780
21 Oct 2020 — Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete acces... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •