Vulnerabilities > Oracle > Banking Corporate Lending Process Management > 14.2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-12	CVE-2021-31811	Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. local low complexity apache fedoraproject oracle CWE-770	5.5
2021-06-12	CVE-2021-31812	Infinite Loop vulnerability in multiple products In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. local low complexity apache fedoraproject oracle CWE-835	5.5
2021-05-28	CVE-2021-29505	Deserialization of Untrusted Data vulnerability in multiple products XStream is software for serializing Java objects to XML and back again. network low complexity xstream-project debian fedoraproject netapp oracle CWE-502	8.8
2021-03-30	CVE-2021-21409	HTTP Request Smuggling vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. network high complexity netty debian netapp oracle quarkus CWE-444	5.9
2021-03-19	CVE-2021-27906	A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. local low complexity apache fedoraproject oracle	5.5
2021-02-15	CVE-2021-23337	Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. network low complexity lodash oracle netapp siemens CWE-94	6.5
2021-02-15	CVE-2020-28500	Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. network low complexity lodash oracle siemens	5.0
2021-02-08	CVE-2021-21290	Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. local low complexity netty debian quarkus oracle netapp CWE-379	5.5
2020-12-18	CVE-2020-28052	An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. network high complexity bouncycastle apache oracle	8.1
2020-09-17	CVE-2020-24750	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. network high complexity fasterxml oracle debian CWE-502	8.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.