CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

oracle

agile_product_lifecycle_management_integration_pack

3 known vulnerabilities · sorted by CVSS score

CVE-2020-25649

HIGH7.5

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

fasterxml / jackson-databind+72

Network

Published Dec 3, 2020

CVE-2019-10086

HIGH7.3

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

apache / commons_beanutils+106

Network

Published Aug 20, 2019

CVE-2019-10219

MEDIUM6.1

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

oracle / insurance_data_gateway+421

Network

Published Nov 8, 2019