A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products: 422
References: 36
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| oracle | insurance_data_gateway | - | - |
| oracle | insurance_insbridge_rating_and_underwriting | 5.4.0 - 5.6.0 | - |
| oracle | insurance_insbridge_rating_and_underwriting | - | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_policy_administration_j2ee | 11.1.0 - 11.3.0 | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_policy_administration_j2ee | - | - |
| oracle | insurance_rules_palette | 11.1.0 - 11.3.0 | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | java_se | - | - |
| oracle | java_se | - | - |
| oracle | java_se | - | - |
| oracle | jd_edwards_enterpriseone_orchestrator | 9.2.6.1 | - |
| oracle | jdk | - | - |
| oracle | managed_file_transfer | - | - |
| oracle | managed_file_transfer | - | - |
| redhat | hibernate_validator | 6.0.18 | - |
| redhat | hibernate_validator | - | - |
| redhat | hibernate_validator | - | - |
| redhat | hibernate_validator | - | - |
| redhat | hibernate_validator | - | - |
| redhat | hibernate_validator | - | - |
| redhat | hibernate_validator | - | - |
| redhat | fuse | - | - |
| redhat | jboss_data_grid | - | - |
| redhat | jboss_enterprise_application_platform | - | - |
| redhat | openshift_application_runtimes | - | - |
| redhat | single_sign-on | - | - |
| redhat | jboss_enterprise_application_platform | - | - |
| redhat | jboss_enterprise_application_platform | - | - |
| netapp | active_iq_unified_manager | - | - |
| netapp | active_iq_unified_manager | - | - |
| netapp | active_iq_unified_manager | - | - |
| netapp | management_services_for_element_software_and_netapp_hci | - | - |
| netapp | snapcenter_plug-in | - | - |
| netapp | element | - | - |
| oracle | access_manager | - | - |
| oracle | access_manager | - | - |
| oracle | access_manager | - | - |
| oracle | agile_engineering_data_management | - | - |
| oracle | agile_plm | - | - |
| oracle | agile_plm | - | - |
| oracle | agile_product_lifecycle_analytics | - | - |
| oracle | agile_product_lifecycle_management_integration_pack | - | - |
| oracle | airlines_data_model | - | - |
| oracle | airlines_data_model | - | - |
| oracle | application_express | - | - |
| oracle | application_performance_management | - | - |
| oracle | application_performance_management | - | - |
| oracle | application_testing_suite | - | - |
| oracle | argus_analytics | - | - |
| oracle | argus_analytics | - | - |
| oracle | argus_analytics | - | - |
| oracle | argus_analytics | - | - |
| oracle | argus_insight | - | - |
| oracle | argus_insight | - | - |
| oracle | argus_insight | - | - |
| oracle | argus_safety | - | - |
| oracle | argus_safety | - | - |
| oracle | argus_safety | - | - |
| oracle | banking_apis | - | - |
| oracle | banking_apis | - | - |
| oracle | banking_apis | - | - |
| oracle | banking_apis | - | - |
| oracle | banking_apis | - | - |
| oracle | banking_apis | - | - |
| oracle | banking_apis | - | - |
| oracle | banking_deposits_and_lines_of_credit_servicing | - | - |
| oracle | banking_digital_experience | - | - |
| oracle | banking_digital_experience | - | - |
| oracle | banking_digital_experience | - | - |
| oracle | banking_digital_experience | - | - |
| oracle | banking_digital_experience | - | - |
| oracle | banking_digital_experience | - | - |
| oracle | banking_digital_experience | - | - |
| oracle | banking_enterprise_default_management | - | - |
| oracle | banking_enterprise_default_management | - | - |
| oracle | banking_enterprise_default_management | - | - |
| oracle | banking_enterprise_default_management | - | - |
| oracle | banking_enterprise_default_management | - | - |
| oracle | banking_enterprise_default_managment | 2.3.0 - 2.4.0 | - |
| oracle | banking_loans_servicing | - | - |
| oracle | banking_party_management | - | - |
| oracle | banking_platform | 2.3.0 - 2.4.1 | - |
| oracle | banking_platform | - | - |
| oracle | banking_platform | - | - |
| oracle | banking_platform | - | - |
| oracle | bi_publisher | - | - |
| oracle | bi_publisher | - | - |
| oracle | bi_publisher | - | - |
| oracle | bi_publisher | - | - |
| oracle | big_data_spatial_and_graph | - | - |
| oracle | business_activity_monitoring | - | - |
| oracle | business_intelligence | - | - |
| oracle | business_intelligence | - | - |
| oracle | business_intelligence | - | - |
| oracle | business_intelligence | - | - |
| oracle | business_process_management_suite | - | - |
| oracle | business_process_management_suite | - | - |
| oracle | clinical | - | - |
| oracle | clinical | - | - |
| oracle | commerce_guided_search | - | - |
| oracle | commerce_platform | 11.3.0 - 11.3.2 | - |
| oracle | communications_application_session_controller | - | - |
| oracle | communications_billing_and_revenue_management | - | - |
| oracle | communications_billing_and_revenue_management | - | - |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | - | - |
| oracle | communications_billing_and_revenue_management_elastic_charging_engine | - | - |
| oracle | communications_calendar_server | - | - |
| oracle | communications_calendar_server | - | - |
| oracle | communications_cloud_native_core_automated_test_suite | - | - |
| oracle | communications_cloud_native_core_binding_support_function | - | - |
| oracle | communications_cloud_native_core_binding_support_function | - | - |
| oracle | communications_cloud_native_core_console | - | - |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | - | - |
| oracle | communications_cloud_native_core_network_repository_function | - | - |
| oracle | communications_cloud_native_core_policy | - | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | - | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | - | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | - | - |
| oracle | communications_cloud_native_core_service_communication_proxy | - | - |
| oracle | communications_cloud_native_core_unified_data_repository | - | - |
| oracle | communications_contacts_server | - | - |
| oracle | communications_converged_application_server_-_service_controller | - | - |
| oracle | communications_convergence | - | - |
| oracle | communications_convergent_charging_controller | 12.0.1.0.0 - 12.0.4.0.0 | - |
| oracle | communications_convergent_charging_controller | - | - |
| oracle | communications_data_model | - | - |
| oracle | communications_data_model | - | - |
| oracle | communications_data_model | - | - |
| oracle | communications_data_model | - | - |
| oracle | communications_data_model | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_diameter_signaling_route | 8.0.0.0 - 8.5.1.0 | - |
| oracle | communications_eagle_application_processor | 16.1 - 16.4 | - |
| oracle | communications_instant_messaging_server | - | - |
| oracle | communications_interactive_session_recorder | - | - |
| oracle | communications_interactive_session_recorder | - | - |
| oracle | communications_messaging_server | - | - |
| oracle | communications_metasolv_solution | - | - |
| oracle | communications_network_charging_and_control | 12.0.1.0.0 - 12.0.4.0.0 | - |
| oracle | communications_network_charging_and_control | - | - |
| oracle | communications_network_integrity | - | - |
| oracle | communications_network_integrity | - | - |
| oracle | communications_offline_mediation_controller | - | - |
| oracle | communications_operations_monitor | - | - |
| oracle | communications_operations_monitor | - | - |
| oracle | communications_operations_monitor | - | - |
| oracle | communications_operations_monitor | - | - |
| oracle | communications_operations_monitor | - | - |
| oracle | communications_pricing_design_center | - | - |
| oracle | communications_pricing_design_center | - | - |
| oracle | communications_service_broker | - | - |
| oracle | communications_services_gatekeeper | - | - |
| oracle | communications_session_border_controller | - | - |
| oracle | communications_session_border_controller | - | - |
| oracle | communications_session_border_controller | - | - |
| oracle | communications_session_border_controller | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_webrtc_session_controller | - | - |
| oracle | communications_webrtc_session_controller | - | - |
| oracle | data_integrator | - | - |
| oracle | data_integrator | - | - |
| oracle | database_server | - | - |
| oracle | database_server | - | - |
| oracle | database_server | - | - |
| oracle | database_server | - | - |
| oracle | demantra_demand_management | 12.2.6 - 12.2.11 | - |
| oracle | documaker | 12.6.0 - 12.6.4 | - |
| oracle | e-business_suite | 12.2.3 - 12.2.11 | - |
| oracle | enterprise_communications_broker | - | - |
| oracle | enterprise_data_quality | - | - |
| oracle | enterprise_data_quality | - | - |
| oracle | enterprise_manager_base_platform | - | - |
| oracle | enterprise_manager_base_platform | - | - |
| oracle | enterprise_manager_ops_center | - | - |
| oracle | enterprise_session_border_controller | - | - |
| oracle | enterprise_session_border_controller | - | - |
| oracle | essbase | 11.1.2.4.47 | - |
| oracle | essbase | 21.0 - 21.3 | - |
| oracle | essbase | - | - |
| oracle | essbase_administration_services | 11.1.2.4.47 | - |
| oracle | essbase_administration_services | - | - |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.7 - 8.1.1 | - |
| oracle | financial_services_analytical_applications_infrastructure | - | - |
| oracle | financial_services_behavior_detection_platform | - | - |
| oracle | financial_services_behavior_detection_platform | - | - |
| oracle | financial_services_behavior_detection_platform | - | - |
| oracle | financial_services_enterprise_case_management | - | - |
| oracle | financial_services_enterprise_case_management | - | - |
| oracle | financial_services_enterprise_case_management | - | - |
| oracle | financial_services_foreign_account_tax_compliance_act_management | - | - |
| oracle | financial_services_foreign_account_tax_compliance_act_management | - | - |
| oracle | financial_services_foreign_account_tax_compliance_act_management | - | - |
| oracle | financial_services_model_management_and_governance | 8.0.8 - 8.1.1 | - |
| oracle | financial_services_trade-based_anti_money_laundering | - | - |
| oracle | financial_services_trade-based_anti_money_laundering | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_private_banking | - | - |
| oracle | flexcube_private_banking | - | - |
| oracle | fusion_middleware | - | - |
| oracle | fusion_middleware | - | - |
| oracle | fusion_middleware_mapviewer | - | - |
| oracle | goldengate | 12.3.0.1 | - |
| oracle | goldengate | 19.0.0 - 19.1.0.0.220118 | - |
| oracle | goldengate | 21.0.0 - 21.5.0.0.220118 | - |
| oracle | goldengate_application_adapters | - | - |
| oracle | graalvm | - | - |
| oracle | graalvm | - | - |
| oracle | graph_server_and_client | 21.4 | - |
| oracle | health_sciences_clinical_development_analytics | - | - |
| oracle | health_sciences_inform_crf_submit | - | - |
| oracle | health_sciences_information_manager | - | - |
| oracle | health_sciences_information_manager | - | - |
| oracle | healthcare_data_repository | - | - |
| oracle | healthcare_data_repository | - | - |
| oracle | healthcare_data_repository | - | - |
| oracle | healthcare_foundation | 7.3.0.0 - 7.3.0.2 | - |
| oracle | healthcare_foundation | 8.0.0 - 8.0.2 | - |
| oracle | healthcare_foundation | - | - |
| oracle | healthcare_foundation | - | - |
| oracle | healthcare_translational_research | - | - |
| oracle | hospitality_cruise_shipboard_property_management_system | - | - |
| oracle | hospitality_opera_5_property_services | - | - |
| oracle | hospitality_reporting_and_analytics | - | - |
| oracle | hospitality_suite8 | - | - |
| oracle | hospitality_suite8 | - | - |
| oracle | hospitality_suite8 | - | - |
| oracle | hospitality_suite8 | - | - |
| oracle | hospitality_suite8 | - | - |
| oracle | http_server | - | - |
| oracle | http_server | - | - |
| oracle | hyperion_financial_management | - | - |
| oracle | hyperion_financial_management | - | - |
| oracle | hyperion_ilearning | - | - |
| oracle | hyperion_ilearning | - | - |
| oracle | hyperion_infrastructure_technology | - | - |
| oracle | instantis_enterprisetrack | - | - |
| oracle | instantis_enterprisetrack | - | - |
| oracle | instantis_enterprisetrack | - | - |
| oracle | insurance_data_gateway | - | - |
| oracle | mysql_cluster | 7.4.34 | - |
| oracle | mysql_cluster | 7.5.0 - 7.5.24 | - |
| oracle | mysql_cluster | 7.6.0 - 7.6.20 | - |
| oracle | mysql_cluster | 8.0.0 - 8.0.27 | - |
| oracle | mysql_connectors | 8.0.27 | - |
| oracle | mysql_connectors | - | - |
| oracle | mysql_server | 5.7.36 | - |
| oracle | mysql_server | 8.0.0 - 8.0.27 | - |
| oracle | mysql_server | - | - |
| oracle | mysql_workbench | 8.0.27 | - |
| oracle | nosql_database | 21.1.12 | - |
| oracle | oss_support_tools | 2.12.42 | - |
| oracle | peoplesoft_enterprise_cs_sa_integration_pack | - | - |
| oracle | peoplesoft_enterprise_cs_sa_integration_pack | - | - |
| oracle | peoplesoft_enterprise_people_tools | - | - |
| oracle | peoplesoft_enterprise_people_tools | - | - |
| oracle | peoplesoft_enterprise_people_tools | - | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | policy_automation | 12.2.0 - 12.2.24 | - |
| oracle | policy_automation | - | - |
| oracle | primavera_analytics | - | - |
| oracle | primavera_analytics | - | - |
| oracle | primavera_analytics | - | - |
| oracle | primavera_data_warehouse | - | - |
| oracle | primavera_data_warehouse | - | - |
| oracle | primavera_data_warehouse | - | - |
| oracle | primavera_gateway | 17.12.0 - 17.12.11 | - |
| oracle | primavera_gateway | 18.8.0 - 18.8.13 | - |
| oracle | primavera_gateway | 19.12.0 - 19.12.12 | - |
| oracle | primavera_gateway | 20.12.0 - 20.12.7 | - |
| oracle | primavera_gateway | - | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 17.12.0.0 - 17.12.0.0-17.12.20.0 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 18.8.0.0 - 18.8.24.0 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 19.12.0.0 - 19.12.18.0 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 20.12.0.0 - 20.12.12.0 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | - | - |
| oracle | primavera_p6_professional_project_management | 17.12.0.0 - 17.12.20.0 | - |
| oracle | primavera_p6_professional_project_management | 18.8.0.0 - 18.8.24.0 | - |
| oracle | primavera_p6_professional_project_management | 19.12.0.0 - 19.12.17.0 | - |
| oracle | primavera_p6_professional_project_management | 20.12.0.0 - 20.12.9.0 | - |
| oracle | primavera_portfolio_management | 18.0.0.0 - 18.0.3.0 | - |
| oracle | primavera_portfolio_management | 19.0.0.0 - 19.0.1.2 | - |
| oracle | primavera_portfolio_management | - | - |
| oracle | primavera_portfolio_management | - | - |
| oracle | primavera_unifier | 17.7 - 17.12 | - |
| oracle | primavera_unifier | - | - |
| oracle | primavera_unifier | - | - |
| oracle | primavera_unifier | - | - |
| oracle | primavera_unifier | - | - |
| oracle | rapid_planning | 12.2.6 - 12.2.11 | - |
| oracle | real-time_decision_server | - | - |
| oracle | real_user_experience_insight | - | - |
| oracle | real_user_experience_insight | - | - |
| oracle | rest_data_services | - | - |
| oracle | retail_allocation | - | - |
| oracle | retail_allocation | - | - |
| oracle | retail_allocation | - | - |
| oracle | retail_allocation | - | - |
| oracle | retail_analytics | 16.0.0 - 16.0.2 | - |
| oracle | retail_assortment_planning | - | - |
| oracle | retail_back_office | - | - |
| oracle | retail_central_office | - | - |
| oracle | retail_customer_insights | 16.0.0 - 16.0.2 | - |
| oracle | retail_customer_management_and_segmentation_foundation | 16.0 - 19.0 | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_eftlink | - | - |
| oracle | retail_extract_transform_and_load | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_fiscal_management | - | - |
| oracle | retail_integration_bus | 16.0.1 - 16.0.3 | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_invoice_matching | - | - |
| oracle | retail_invoice_matching | - | - |
| oracle | retail_merchandising_system | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_management_system | - | - |
| oracle | retail_point-of-sale | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_price_management | - | - |
| oracle | retail_returns_management | - | - |
| oracle | retail_service_backbone | 16.0.1 - 16.0.3 | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_size_profile_optimization | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | sd-wan_aware | - | - |
| oracle | sd-wan_edge | - | - |
| oracle | sd-wan_edge | - | - |
| oracle | secure_backup | - | - |
| oracle | siebel_applications | 21.12 | - |
| oracle | spatial_studio | - | - |
| oracle | thesaurus_management_system | - | - |
| oracle | thesaurus_management_system | - | - |
| oracle | thesaurus_management_system | - | - |
| oracle | timesten_in-memory_database | 11.2.2.8.27 | - |
| oracle | timesten_in-memory_database | 21.0.0 - 21.1.1.1.0 | - |
| oracle | utilities_framework | 4.3.0.1.0 - 4.3.0.6.0 | - |
| oracle | utilities_framework | - | - |
| oracle | utilities_framework | - | - |
| oracle | utilities_framework | - | - |
| oracle | utilities_framework | - | - |
| oracle | utilities_framework | - | - |
| oracle | utilities_testing_accelerator | - | - |
| oracle | utilities_testing_accelerator | - | - |
| oracle | utilities_testing_accelerator | - | - |
| oracle | vm_virtualbox | 6.1.32 | - |
| oracle | webcenter_portal | - | - |
| oracle | webcenter_portal | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| oracle | zfs_storage_appliance_kit | - | - |
| oracle | zfs_storage_application_integration_engineering_software | - | - |
| oracle | communications_messaging_server | - | - |
| oracle | solaris | - | - |
| oracle | solaris | - | - |
| oracle | fujitsu_m10-1_firmware | - | - |
| oracle | fujitsu_m10-4_firmware | - | - |
| oracle | fujitsu_m10-4s_firmware | - | - |
| oracle | fujitsu_m12-1_firmware | - | - |
| oracle | fujitsu_m12-2_firmware | - | - |
| oracle | fujitsu_m12-2s_firmware | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N