Banking Treasury Management

banking_treasury_management

Vendor: Oracle • 29 CVEs

CVEs (29)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-21473 1Oracle 1Banking Treasury Management Nov 21, 2024 Apr 19, 2022 N/A· v4 5.9 MEDIUM· v3 4.6 MEDIUM· v2 Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability al...Show more Vulnerability in the Oracle Banking Treasury Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Treasury Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Treasury Management accessible data as well as unauthorized read access to a subset of Oracle Banking Treasury Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Treasury Management. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L).Show less
CVE-2021-45105 5Apache DebianNetapp+2 more 1166bk1602 0aa12 0tp0 Firmware 6bk1602 0aa22 0tp0 Firmware6bk1602 0aa32 0tp0 Firmware+113 more May 29, 2026 Dec 18, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data t...Show more Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.Show less
CVE-2021-41973 2Apache Oracle 9Banking Payments Banking Trade Finance Process ManagementBanking Treasury Management+6 more Nov 21, 2024 Nov 1, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is...Show more In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.Show less
CVE-2021-37714 4Jsoup NetappOracle+1 more 16Banking Trade Finance Banking Treasury ManagementBusiness Process Management Suite+13 more Nov 21, 2024 Aug 18, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supp...Show more jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.Show less
CVE-2021-36374 2Apache Oracle 36Agile Engineering Data Management Agile PlmAnt+33 more Nov 21, 2024 Jul 14, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to dis...Show more When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.Show less
CVE-2021-36373 2Apache Oracle 32Agile Plm AntBanking Trade Finance+29 more Nov 21, 2024 Jul 14, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds usi...Show more When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.Show less
CVE-2021-36090 3Apache NetappOracle 34Active Iq Unified Manager Banking ApisBanking Digital Experience+31 more Nov 21, 2024 Jul 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of serv...Show more When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.Show less
CVE-2021-35517 3Apache NetappOracle 27Active Iq Unified Manager Banking ApisBanking Digital Experience+24 more Nov 21, 2024 Jul 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of serv...Show more When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.Show less
CVE-2021-35515 3Apache NetappOracle 26Active Iq Unified Manager Banking Digital ExperienceBanking Enterprise Default Management+23 more Nov 21, 2024 Jul 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that us...Show more When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.Show less
CVE-2021-30129 2Apache Oracle 9Banking Payments Banking Trade FinanceBanking Treasury Management+6 more Nov 21, 2024 Jul 12, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and late...Show more A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0Show less
CVE-2021-31811 3Apache FedoraprojectOracle 12Banking Corporate Lending Process Management Banking Credit Facilities Process ManagementBanking Supply Chain Finance+9 more Nov 21, 2024 Jun 12, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-27906 3Apache FedoraprojectOracle 19Banking Corporate Lending Process Management Banking Credit Facilities Process ManagementBanking Supply Chain Finance+16 more Nov 21, 2024 Mar 19, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2021-27807 3Apache FedoraprojectOracle 15Banking Trade Finance Process Management Banking Treasury ManagementBanking Virtual Account Management+12 more Nov 21, 2024 Mar 19, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.
CVE-2020-36183 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Apr 29, 2026 Jan 7, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVE-2020-36182 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 7, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36180 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 7, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36179 4Debian FasterxmlNetapp+1 more 43Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+40 more Nov 21, 2024 Jan 7, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVE-2020-36189 4Debian FasterxmlNetapp+1 more 40Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+37 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CVE-2020-36188 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CVE-2020-36187 4Debian FasterxmlNetapp+1 more 45Agile Plm Application Testing SuiteAutovue For Agile Product Lifecycle Management+42 more Nov 21, 2024 Jan 6, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

12 Next