Vulnerabilities > Oracle > Financial Services Crime AND Compliance Management Studio > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-19	CVE-2022-22978	Incorrect Authorization vulnerability in multiple products In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. network low complexity vmware oracle netapp CWE-863 critical	9.8
2021-09-17	CVE-2021-41303	Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. network low complexity apache oracle critical	9.8
2018-04-11	CVE-2018-1273	Injection vulnerability in multiple products Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. network low complexity pivotal-software apache oracle CWE-74 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.