Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Banking Corporate Lending Process Management
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36184 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVE-2020-36182 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36181 4 Debian, Fasterxml, Netapp and 1 more 44 Debian Linux, Jackson-databind, Service Level Manager and 41 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 4 Debian, Fasterxml, Netapp and 1 more 43 Debian Linux, Jackson-databind, Cloud Backup and 40 more 2024-07-03 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2022-22963 2 Oracle, Vmware 28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more 2024-06-28 7.5 HIGH 9.8 CRITICAL
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVE-2021-31812 3 Apache, Fedoraproject, Oracle 7 Pdfbox, Fedora, Banking Corporate Lending Process Management and 4 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31811 3 Apache, Fedoraproject, Oracle 12 Pdfbox, Fedora, Banking Corporate Lending Process Management and 9 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-21409 5 Debian, Netapp, Netty and 2 more 18 Debian Linux, Oncommand Api Services, Oncommand Workflow Automation and 15 more 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
CVE-2021-29505 5 Debian, Fedoraproject, Netapp and 2 more 16 Debian Linux, Fedora, Snapmanager and 13 more 2024-02-04 6.5 MEDIUM 8.8 HIGH
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
CVE-2020-35728 4 Debian, Fasterxml, Netapp and 1 more 40 Debian Linux, Jackson-databind, Service Level Manager and 37 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVE-2021-23337 4 Lodash, Netapp, Oracle and 1 more 23 Lodash, Active Iq Unified Manager, Cloud Manager and 20 more 2024-02-04 6.5 MEDIUM 7.2 HIGH
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-36183 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36186 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CVE-2021-21290 5 Debian, Netapp, Netty and 2 more 13 Debian Linux, Active Iq Unified Manager, Cloud Secure Agent and 10 more 2024-02-04 1.9 LOW 5.5 MEDIUM
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CVE-2021-27906 3 Apache, Fedoraproject, Oracle 19 Pdfbox, Fedora, Banking Corporate Lending Process Management and 16 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2020-36185 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVE-2020-28500 3 Lodash, Oracle, Siemens 19 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 16 more 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2020-36187 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CVE-2020-36188 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2024-02-04 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.