Oracle Financial Services Analytical Applications Infrastructure — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Financial Services Analytical Applications Infrastructure, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2025-53037 — CVSS 9.8 (critical): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2019-3773 — CVSS 9.8 (critical): Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity…
CVE-2017-15095 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated…
CVE-2017-5645 — CVSS 9.8 (critical): In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another…
CVE-2017-7525 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an…
CVE-2020-10683 — CVSS 9.8 (critical): dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However…
CVE-2019-14379 — CVSS 9.8 (critical): SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of…
CVE-2019-14540 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16335 — CVSS 9.8 (critical): A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource…
CVE-2020-9546 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2018-14720 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to…
CVE-2018-14719 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2018-14718 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the…
CVE-2018-8013 — CVSS 9.8 (critical): In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the…
CVE-2021-26291 — CVSS 9.1 (critical): Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some…
CVE-2020-11113 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-11112 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10672 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10968 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10969 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2020-10673 — CVSS 8.8 (high): FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to…
CVE-2025-53036 — CVSS 8.6 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-14824 — CVSS 8.6 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2025-61751 — CVSS 8.1 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2021-22118 — CVSS 7.8 (high): In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege…
CVE-2021-32808 — CVSS 7.6 (high): ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget…
CVE-2019-0227 — CVSS 7.5 (high): A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and…
CVE-2020-11979 — CVSS 7.5 (high): As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was…
CVE-2018-15756 — CVSS 7.5 (high): Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x…
CVE-2019-17566 — CVSS 7.5 (high): Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a…
CVE-2026-34310 — CVSS 7.5 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2025-61756 — CVSS 7.5 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2019-14439 — CVSS 7.5 (high): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled…
CVE-2019-17359 — CVSS 7.5 (high): The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError…
CVE-2019-12399 — CVSS 7.5 (high): When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers…
CVE-2021-36090 — CVSS 7.5 (high): When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2026-22010 — CVSS 7.5 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2023-21901 — CVSS 7.4 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2018-2660 — CVSS 7.4 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications…
CVE-2021-37695 — CVSS 7.3 (high): ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake…
CVE-2020-2793 — CVSS 7.1 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-2688 — CVSS 7.1 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-14602 — CVSS 7.1 (high): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-11022 — CVSS 6.9 (medium): In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM…
CVE-2026-34314 — CVSS 6.8 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2026-34325 — CVSS 6.8 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2026-34313 — CVSS 6.5 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2022-24729 — CVSS 6.5 (medium): CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the…
CVE-2020-14605 — CVSS 6.5 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-5421 — CVSS 6.5 (medium): In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections…
CVE-2025-53035 — CVSS 6.5 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-14685 — CVSS 6.5 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2021-26271 — CVSS 6.5 (medium): It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles…
CVE-2021-26272 — CVSS 6.5 (medium): It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the…
CVE-2022-23437 — CVSS 6.5 (medium): There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This…
CVE-2020-1945 — CVSS 6.3 (medium): Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir…
CVE-2020-14662 — CVSS 6.3 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2018-2661 — CVSS 6.1 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications…
CVE-2015-9251 — CVSS 6.1 (medium): jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType…
CVE-2018-8032 — CVSS 6.1 (medium): Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2019-11358 — CVSS 6.1 (medium): jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of…
CVE-2020-14601 — CVSS 6.1 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-14615 — CVSS 6.1 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-27193 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web…
CVE-2021-2140 — CVSS 6.1 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2021-38153 — CVSS 5.9 (medium): Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute…
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2021-36373 — CVSS 5.5 (medium): When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an…
CVE-2019-12415 — CVSS 5.5 (medium): In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted…
CVE-2021-36374 — CVSS 5.5 (medium): When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory…
CVE-2022-24728 — CVSS 5.4 (medium): CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing…
CVE-2019-2823 — CVSS 5.4 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications…
CVE-2025-53034 — CVSS 5.4 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2025-53031 — CVSS 5.3 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2021-35687 — CVSS 5.3 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-14604 — CVSS 5.3 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-14603 — CVSS 5.3 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2026-34321 — CVSS 4.8 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…
CVE-2021-32809 — CVSS 4.6 (medium): ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4…
CVE-2020-14684 — CVSS 4.3 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2021-35686 — CVSS 4.3 (medium): Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications…
CVE-2020-9488 — CVSS 3.7 (low): Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted…