Oracle endeca information discovery studio
This hub aggregates every CVE we track for Oracle endeca information discovery studio, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
3
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM5CRITICAL3HIGH2LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 11 most recently published vulnerabilities affecting Oracle endeca information discovery studio.
- CVE-2021-21345XStream is vulnerable to a Remote Command Execution attack5.8
- CVE-2020-1945Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. T...6.3
- CVE-2020-9488Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log me...3.7
- CVE-2019-17571Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization ...9.8
- CVE-2019-12415In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local fi...5.5
- CVE-2019-10173It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote att...9.8
- CVE-2019-0227A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subve...7.5
- CVE-2017-12626Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of ...7.5
- CVE-2015-9251jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.6.1
- CVE-2017-3738There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and D...5.9
- CVE-2017-5645In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent tha...9.8
Product normalization is registry-driven with AI assist and human review. How it works