Oracle Hyperion Infrastructure Technology — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Hyperion Infrastructure Technology, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (35)
CVE-2019-2729 — CVSS 9.8 (critical): Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are…
CVE-2022-23305 — CVSS 9.8 (critical): By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are…
CVE-2020-11656 — CVSS 9.8 (critical): In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a…
CVE-2019-13990 — CVSS 9.8 (critical): initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job…
CVE-2022-23302 — CVSS 8.8 (high): JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j…
CVE-2018-14550 — CVSS 8.8 (high): An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function…
CVE-2022-23307 — CVSS 8.8 (high): CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of…
CVE-2021-2351 — CVSS 8.3 (high): Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2…
CVE-2020-11655 — CVSS 7.5 (high): SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2020-11993 — CVSS 7.5 (high): Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns…
CVE-2020-13871 — CVSS 7.5 (high): SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2019-5427 — CVSS 7.5 (high): c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against…
CVE-2019-12402 — CVSS 7.5 (high): The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with…
CVE-2020-9327 — CVSS 7.5 (high): In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of…
CVE-2020-9490 — CVSS 7.5 (high): Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a…
CVE-2019-17563 — CVSS 7.5 (high): When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where…
CVE-2020-5421 — CVSS 6.5 (medium): In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections…
CVE-2020-14854 — CVSS 6.1 (medium): Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization). The supported version…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2021-45105 — CVSS 5.9 (medium): Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from…
CVE-2021-2445 — CVSS 5.7 (medium): Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version…
CVE-2021-27807 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior…
CVE-2019-12415 — CVSS 5.5 (medium): In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted…
CVE-2020-15358 — CVSS 5.5 (medium): In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse…
CVE-2021-27906 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22…
CVE-2019-7317 — CVSS 5.3 (medium): png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2026-35244 — CVSS 5.2 (medium): Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported…
CVE-2021-2347 — CVSS 5.2 (medium): Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version…
CVE-2021-1999 — CVSS 5.0 (medium): Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is…
CVE-2021-1993 — CVSS 4.8 (medium): Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c…
CVE-2020-27218 — CVSS 4.8 (medium): In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request…
CVE-2020-1935 — CVSS 4.8 (medium): In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line…
CVE-2021-1996 — CVSS 2.4 (low): Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are…