Vulnerabilities > Oracle > Banking Trade Finance Process Management > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2022-22963 Expression Language Injection vulnerability in multiple products
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
network
low complexity
vmware oracle CWE-917
critical
9.8
2019-04-17 CVE-2019-0228 XXE vulnerability in multiple products
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
network
low complexity
apache fedoraproject oracle CWE-611
critical
9.8