Oracle Banking_trade_finance_process_management
14 CVEs affecting Oracle Banking_trade_finance_process_management. Latest disclosed: 2022-04-19. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-22963 | Critical | 9.8 | 2022-04-01 | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a speciall… |
| CVE-2019-0228 | Critical | 9.8 | 2019-04-17 | Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a c… |
| CVE-2020-26217 | High | 8.0 | 2020-11-16 | XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by mani… |
| CVE-2021-29505 | High | 7.5 | 2021-05-28 | XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has suf… |
| CVE-2019-12399 | High | 7.5 | 2020-01-14 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is cr… |
| CVE-2020-8203 | High | 7.4 | 2020-07-15 | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. |
| CVE-2021-23337 | High | 7.2 | 2021-02-15 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. |
| CVE-2021-41973 | Medium | 6.5 | 2021-11-01 | In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header… |
| CVE-2021-21290 | Medium | 6.2 | 2021-02-08 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clie… |
| CVE-2022-21474 | Medium | 5.9 | 2022-04-19 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is… |
| CVE-2021-21409 | Medium | 5.9 | 2021-03-30 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clie… |
| CVE-2021-27906 | Medium | 5.5 | 2021-03-19 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versi… |
| CVE-2021-27807 | Medium | 5.5 | 2021-03-19 | A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
| CVE-2020-28500 | Medium | 5.3 | 2021-02-15 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. |