Vulnerabilities > Oracle > Banking Trade Finance Process Management

DATE CVE VULNERABILITY TITLE RISK
2022-04-19 CVE-2022-21474 Unspecified vulnerability in Oracle Banking Trade Finance Process Management 14.5
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure).
network
high complexity
oracle
5.9
5.9
2022-04-01 CVE-2022-22963 Expression Language Injection vulnerability in multiple products
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
network
low complexity
vmware oracle CWE-917
critical
 9.8
9.8
2021-11-01 CVE-2021-41973 Infinite Loop vulnerability in multiple products
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely.
network
low complexity
apache oracle CWE-835
6.5
6.5
2021-05-28 CVE-2021-29505 Deserialization of Untrusted Data vulnerability in multiple products
XStream is software for serializing Java objects to XML and back again. 		8.8
8.8
2021-03-30 CVE-2021-21409 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty debian netapp oracle quarkus
5.9
5.9
2021-03-19 CVE-2021-27906 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
local
low complexity
apache fedoraproject oracle
5.5
5.5
2021-03-19 CVE-2021-27807 Excessive Iteration vulnerability in multiple products
A carefully crafted PDF file can trigger an infinite loop while loading the file.
local
low complexity
apache fedoraproject oracle CWE-834
5.5
5.5
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
7.2
7.2
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.3
5.3
2021-02-08 CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
local
low complexity
netty debian quarkus oracle netapp
5.5
5.5