Oracle Banking Extensibility Workbench vulnerabilities
20 known vulnerabilities affecting oracle/banking_extensibility_workbench.
Total CVEs
20
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH18MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-23337HIGHCVSS 7.2PoCv14.2.0v14.3.0+1 more2021-02-15
CVE-2021-23337 [HIGH] CWE-94 CVE-2021-23337: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
nvd
CVE-2020-28500MEDIUMCVSS 5.3v14.2.0v14.3.0+1 more2021-02-15
CVE-2020-28500 [MEDIUM] CVE-2020-28500: Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
nvd
CVE-2020-36183HIGHCVSS 8.1v14.2v14.3+1 more2021-01-07
CVE-2020-36183 [HIGH] CWE-502 CVE-2020-36183: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
nvd
CVE-2020-36182HIGHCVSS 8.1v14.2v14.3+1 more2021-01-07
CVE-2020-36182 [HIGH] CWE-502 CVE-2020-36182: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
nvd
CVE-2020-36180HIGHCVSS 8.1v14.2v14.3+1 more2021-01-07
CVE-2020-36180 [HIGH] CWE-502 CVE-2020-36180: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
nvd
CVE-2020-36184HIGHCVSS 8.1v14.2v14.3+1 more2021-01-06
CVE-2020-36184 [HIGH] CWE-502 CVE-2020-36184: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
nvd
CVE-2020-36186HIGHCVSS 8.1v14.2v14.3+1 more2021-01-06
CVE-2020-36186 [HIGH] CWE-502 CVE-2020-36186: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
nvd
CVE-2020-36187HIGHCVSS 8.1v14.2v14.3+1 more2021-01-06
CVE-2020-36187 [HIGH] CWE-502 CVE-2020-36187: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
nvd
CVE-2020-36181HIGHCVSS 8.1v14.2v14.3+1 more2021-01-06
CVE-2020-36181 [HIGH] CWE-502 CVE-2020-36181: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
nvd
CVE-2020-36188HIGHCVSS 8.1v14.2v14.3+1 more2021-01-06
CVE-2020-36188 [HIGH] CWE-502 CVE-2020-36188: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
nvd
CVE-2020-36185HIGHCVSS 8.1v14.2v14.3+1 more2021-01-06
CVE-2020-36185 [HIGH] CWE-502 CVE-2020-36185: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
nvd
CVE-2020-35728HIGHCVSS 8.1v14.2v14.3+1 more2020-12-27
CVE-2020-35728 [HIGH] CWE-502 CVE-2020-35728: FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadg
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
nvd
CVE-2020-28052HIGHCVSS 8.1v14.2.0v14.3.0+1 more2020-12-18
CVE-2020-28052 [HIGH] CVE-2020-28052: An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.chec
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
nvd
CVE-2020-15824HIGHCVSS 8.8v14.2v14.3+1 more2020-08-08
CVE-2020-15824 [HIGH] CWE-269 CVE-2020-15824: In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed vers
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
nvd
CVE-2020-8174HIGHCVSS 8.1v14.3.0v14.4.02020-07-24
CVE-2020-8174 [HIGH] CWE-119 CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
nvd
CVE-2020-8203HIGHCVSS 7.4v14.2.0v14.3.0+1 more2020-07-15
CVE-2020-8203 [HIGH] CWE-770 CVE-2020-8203: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
nvd
CVE-2020-8172HIGHCVSS 7.4v14.3.0v14.4.02020-06-08
CVE-2020-8172 [HIGH] CWE-295 CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 1
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
nvd
CVE-2020-11080HIGHCVSS 7.5v14.3.0v14.4.02020-06-03
CVE-2020-11080 [LOW] CWE-707 CVE-2020-11080: In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of se
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vuln
nvd
CVE-2020-10531HIGHCVSS 8.8v14.3.0v14.4.02020-03-12
CVE-2020-10531 [HIGH] CWE-190 CVE-2020-10531: An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An int
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
nvd
CVE-2019-10744CRITICALCVSS 9.1v14.3.0v14.4.02019-07-26
CVE-2019-10744 [CRITICAL] CWE-1321 CVE-2019-10744: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDe
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
nvd