Banking Enterprise Default Management Oracle Banking Enterprise Default Management

Do you want an email whenever new security vulnerabilities are reported in Oracle Banking Enterprise Default Management?

By the Year

In 2022 there have been 0 vulnerabilities in Oracle Banking Enterprise Default Management . Last year Banking Enterprise Default Management had 16 security vulnerabilities published. Right now, Banking Enterprise Default Management is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 16 8.41
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Banking Enterprise Default Management vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Banking Enterprise Default Management Security Vulnerabilities

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory

CVE-2021-36090 7.5 - High - July 13, 2021

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory

CVE-2021-35517 7.5 - High - July 13, 2021

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

Allocation of Resources Without Limits or Throttling

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory

CVE-2021-35516 7.5 - High - July 13, 2021

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Allocation of Resources Without Limits or Throttling

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop

CVE-2021-35515 7.5 - High - July 13, 2021

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Infinite Loop

Directory traversal in Eclipse Mojarra before 2.3.14

CVE-2020-6950 6.5 - Medium - June 02, 2021

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

Directory traversal

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21351 9.1 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21350 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21349 8.6 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

XSPA

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21348 7.5 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Resource Exhaustion

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21347 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21346 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21345 9.9 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Code Injection

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21344 9.8 - Critical - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21343 7.5 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Marshaling, Unmarshaling

XStream is a Java library to serialize objects to XML and back again

CVE-2021-21341 7.5 - High - March 23, 2021

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.

Resource Exhaustion

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container

CVE-2020-13936 8.8 - High - March 10, 2021

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Retail Xstore Office Cloud Service or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe