Oracle Financial Services Crime And Compliance Management Studio — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Financial Services Crime And Compliance Management Studio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-22978 — CVSS 9.8 (critical): In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be…
CVE-2021-41303 — CVSS 9.8 (critical): Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass…
CVE-2020-9492 — CVSS 8.8 (high): In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to…
CVE-2022-25647 — CVSS 7.7 (high): The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in…
CVE-2021-38296 — CVSS 7.5 (high): Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions…
CVE-2020-36518 — CVSS 7.5 (high): jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVE-2021-35515 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite…
CVE-2021-35516 — CVSS 7.5 (high): When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-35517 — CVSS 7.5 (high): When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-36090 — CVSS 7.5 (high): When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of…
CVE-2021-37714 — CVSS 7.5 (high): jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable…
CVE-2021-23337 — CVSS 7.2 (high): Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-7712 — CVSS 7.2 (high): This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
CVE-2022-23181 — CVSS 7.0 (high): The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to…
CVE-2022-23437 — CVSS 6.5 (medium): There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This…
CVE-2022-22971 — CVSS 6.5 (medium): In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is…
CVE-2022-24823 — CVSS 5.5 (medium): Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version…
CVE-2020-28500 — CVSS 5.3 (medium): Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd…
CVE-2022-22976 — CVSS 5.3 (medium): Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow…
CVE-2021-34429 — CVSS 5.3 (medium): For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the…
CVE-2022-22970 — CVSS 5.3 (medium): In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable…