Banking Extensibility Workbench Oracle Banking Extensibility Workbench

Do you want an email whenever new security vulnerabilities are reported in Oracle Banking Extensibility Workbench?

By the Year

In 2022 there have been 0 vulnerabilities in Oracle Banking Extensibility Workbench . Last year Banking Extensibility Workbench had 2 security vulnerabilities published. Right now, Banking Extensibility Workbench is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 2 6.25
2020 4 7.78
2019 0 0.00
2018 0 0.00

It may take a day or so for new Banking Extensibility Workbench vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Banking Extensibility Workbench Security Vulnerabilities

Lodash versions prior to 4.17.21 are vulnerable to Command Injection

CVE-2021-23337 7.2 - High - February 15, 2021

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Command Injection

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS)

CVE-2020-28500 5.3 - Medium - February 15, 2021

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66

CVE-2020-28052 8.1 - High - December 18, 2020

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.

napi_get_value_string_*()

CVE-2020-8174 8.1 - High - July 24, 2020

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Integer underflow

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

CVE-2020-8203 7.4 - High - July 15, 2020

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Prototype Pollution

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service

CVE-2020-11080 7.5 - High - June 03, 2020

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Improper Neutralization

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Oracle Graalvm or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe