Vulnerabilities > Oracle > Banking Cash Management > 14.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2022-22963 | Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | 9.8 |
| 2021-05-28 | CVE-2021-29505 | Deserialization of Untrusted Data vulnerability in multiple products XStream is software for serializing Java objects to XML and back again. | 8.8 |
| 2020-11-16 | CVE-2020-26217 | OS Command Injection vulnerability in multiple products XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. | 8.8 |