Vulnerabilities > Oracle > Financial Services Crime AND Compliance Management Studio > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-19 CVE-2022-22976 Integer Overflow or Wraparound vulnerability in multiple products
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability.
network
low complexity
vmware oracle netapp CWE-190
5.3
2022-05-12 CVE-2022-22970 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
network
high complexity
vmware oracle netapp CWE-770
5.3
2022-05-12 CVE-2022-22971 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
network
low complexity
vmware oracle netapp CWE-770
6.5
2022-05-06 CVE-2022-24823 Netty is an open-source, asynchronous event-driven network application framework.
local
low complexity
netty oracle netapp
5.5
2022-01-24 CVE-2022-23437 Infinite Loop vulnerability in multiple products
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
network
low complexity
apache oracle netapp CWE-835
6.5
2021-07-15 CVE-2021-34429 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.
network
low complexity
eclipse netapp oracle
5.3
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.3