Vulnerabilities > Oracle > Banking Platform > 2.9.0

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21346 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.8
2021-03-23 CVE-2021-21345 OS Command Injection vulnerability in multiple products
XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle CWE-78
critical
9.9
2021-03-23 CVE-2021-21344 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.8
2021-03-23 CVE-2021-21343 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
7.5
2021-03-23 CVE-2021-21342 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
critical
9.1
2021-03-23 CVE-2021-21341 XStream is a Java library to serialize objects to XML and back again.
network
low complexity
xstream-project debian fedoraproject oracle
7.5
2021-01-06 CVE-2020-36189 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-12-17 CVE-2020-35491 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-12-17 CVE-2020-35490 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
network
high complexity
fasterxml netapp debian oracle CWE-502
8.1
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5