Vulnerabilities > Oracle > Banking Virtual Account Management > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-01 | CVE-2022-22963 | Expression Language Injection vulnerability in multiple products In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | 9.8 |
2021-03-23 | CVE-2021-21342 | XStream is a Java library to serialize objects to XML and back again. | 9.1 |
2021-03-23 | CVE-2021-21344 | XStream is a Java library to serialize objects to XML and back again. | 9.8 |
2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 9.9 |
2021-03-23 | CVE-2021-21346 | XStream is a Java library to serialize objects to XML and back again. | 9.8 |
2021-03-23 | CVE-2021-21347 | XStream is a Java library to serialize objects to XML and back again. | 9.8 |
2021-03-23 | CVE-2021-21350 | XStream is a Java library to serialize objects to XML and back again. | 9.8 |
2021-03-23 | CVE-2021-21351 | XStream is a Java library to serialize objects to XML and back again. | 9.1 |
2020-07-31 | CVE-2020-5413 | Deserialization of Untrusted Data vulnerability in multiple products Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. | 9.8 |
2019-04-17 | CVE-2019-0228 | XXE vulnerability in multiple products Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | 9.8 |