Search Results (Refine Search)
- CPE Product Version: cpe:/a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.1.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-8032 |
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Published: August 02, 2018; 9:29:00 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-8013 |
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. Published: May 24, 2018; 12:29:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |