Vulnerabilities > Oracle > Banking Trade Finance Process Management > 14.2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-30	CVE-2021-21409	HTTP Request Smuggling vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. network high complexity netty debian netapp oracle quarkus CWE-444	5.9
2021-03-19	CVE-2021-27906	A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. local low complexity apache fedoraproject oracle	5.5
2021-03-19	CVE-2021-27807	Excessive Iteration vulnerability in multiple products A carefully crafted PDF file can trigger an infinite loop while loading the file. local low complexity apache fedoraproject oracle CWE-834	5.5
2021-02-15	CVE-2021-23337	Code Injection vulnerability in multiple products Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. network low complexity lodash oracle netapp siemens CWE-94	6.5
2021-02-15	CVE-2020-28500	Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. network low complexity lodash oracle siemens	5.0
2021-02-08	CVE-2021-21290	Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. local low complexity netty debian quarkus oracle netapp CWE-379	5.5
2020-07-15	CVE-2020-8203	Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. network high complexity lodash oracle	7.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.