Financial Services Crime Compliance Management Studio Oracle Financial Services Crime Compliance Management Studio

Do you want an email whenever new security vulnerabilities are reported in Oracle Financial Services Crime Compliance Management Studio?

By the Year

In 2022 there have been 5 vulnerabilities in Oracle Financial Services Crime Compliance Management Studio with an average score of 6.8 out of ten. Last year Financial Services Crime Compliance Management Studio had 4 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2022 as compared to last year. Last year, the average CVE base score was greater by 0.14

Year Vulnerabilities Average Score
2022 5 6.76
2021 4 6.90
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Financial Services Crime Compliance Management Studio vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Financial Services Crime Compliance Management Studio Security Vulnerabilities

In spring framework versions prior to 5.3.20+

CVE-2022-22971 6.5 - Medium - May 12, 2022

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

Allocation of Resources Without Limits or Throttling

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications

CVE-2022-22970 5.3 - Medium - May 12, 2022

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

Allocation of Resources Without Limits or Throttling

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data

CVE-2022-25647 7.5 - High - May 01, 2022

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Marshaling, Unmarshaling

jackson-databind before 2.13.0

CVE-2020-36518 7.5 - High - March 11, 2022

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Memory Corruption

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73

CVE-2022-23181 7 - High - January 27, 2022

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

TOCTTOU

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

CVE-2021-41303 9.8 - Critical - September 17, 2021

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs

CVE-2021-34429 5.3 - Medium - July 15, 2021

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

Lodash versions prior to 4.17.21 are vulnerable to Command Injection

CVE-2021-23337 7.2 - High - February 15, 2021

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Code Injection

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS)

CVE-2020-28500 5.3 - Medium - February 15, 2021

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Siemens Sinec Ins or by Oracle? Click the Watch button to subscribe.

Oracle
Vendor

subscribe