Oracle Banking Supply Chain Finance vulnerabilities

26 known vulnerabilities affecting oracle/banking_supply_chain_finance.

Total CVEs: 26
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 19, MEDIUM 4

Vulnerabilities

Page 2 of 2
CVE-2020-24750 [HIGH] CVSS 8.1 | CWE-502 | Affected: v14.2.0, v14.3.0, +1 more | Published: 2020-09-17
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
Source: NVD

CVE-2020-24616 [HIGH] CVSS 8.1 | CWE-502 | Affected: v14.2, v14.3, +1 more | Published: 2020-08-25
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
Source: NVD

CVE-2020-5413 [CRITICAL] CVSS 9.8 | CWE-502 | Affected: v14.2.0, v14.3.0, +1 more | Published: 2020-07-31
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to…
Source: NVD

CVE-2020-8203 [HIGH] CVSS 7.4 | CWE-770 | Affected: v14.2.0, v14.3.0, +1 more | Published: 2020-07-15
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Source: NVD

CVE-2019-12399 [HIGH] CVSS 7.5 | CWE-319 | Affected: ≥ 14.2.0, ≤ 14.4.0 | Published: 2020-01-14
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect c…
Source: NVD

CVE-2019-0228 [CRITICAL] CVSS 9.8 | CWE-611 | Affected: v14.2, v14.3, +1 more | Published: 2019-04-17
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Source: NVD
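Three of the entries above (CVE-2020-24750, CVE-2020-24616 and CVE-2020-5413) are the same bug class: a deserializer that lets the incoming data choose which class to instantiate. The example below is added here and is not code from this page, from Oracle, or from the jackson-databind or Kryo projects; it shows the lenient jackson-databind default-typing setup and the lenient Kryo setup the descriptions refer to, each next to a hardened form (jackson-databind's 2.10+ `PolymorphicTypeValidator` allowlist, and Kryo's `setRegistrationRequired(true)`). The package `com.example.scf`, the `Invoice` class and the payloads are constructed for the demo; `java.util.HashMap` stands in for any class outside the allowlist, and the gadget classes named in the entries would be refused the same way.

```java
// Added example: lenient vs. hardened deserialization setup for the
// jackson-databind and Kryo entries above. Not from the page or the vendor.
package com.example.scf;

import com.esotericsoftware.kryo.Kryo;
import com.esotericsoftware.kryo.io.Input;
import com.esotericsoftware.kryo.io.Output;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.json.JsonMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

import java.util.HashMap;

public class DeserializationHardening {

    // Hypothetical application type: the only class we expect on the wire.
    public static class Invoice {
        public String id;
        public long amountCents;
    }

    // Constructed payload in default typing's WRAPPER_ARRAY shape:
    // the first element names the class to instantiate. HashMap stands in
    // for any class outside the application's packages (a gadget class such
    // as the ones named in the entries above would be handled identically).
    static final String TYPED_JSON = "[\"java.util.HashMap\", {}]";

    // LENIENT: polymorphic typing for every non-final type with no validator,
    // so whatever class name the input carries is resolved and instantiated.
    @SuppressWarnings("deprecation")
    static ObjectMapper lenientMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    // HARDENED (jackson-databind 2.10+): default typing is only activated
    // through a validator that allowlists the application's own package prefix.
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
            .allowIfSubType("com.example.scf.")   // hypothetical application package
            .build();
        return JsonMapper.builder()
            .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL)
            .build();
    }

    // LENIENT Kryo: unregistered classes are resolved on demand from the
    // class name embedded in the stream (the behaviour CVE-2020-5413 describes).
    static Kryo lenientKryo() {
        Kryo kryo = new Kryo();
        kryo.setRegistrationRequired(false);
        return kryo;
    }

    // HARDENED Kryo: only explicitly registered classes may appear in a stream;
    // anything else is rejected in readClassAndObject before an instance exists.
    static Kryo hardenedKryo() {
        Kryo kryo = new Kryo();
        kryo.setRegistrationRequired(true);
        kryo.register(Invoice.class);
        return kryo;
    }

    public static void main(String[] args) throws Exception {
        // Jackson: the lenient mapper builds whatever class the payload names.
        Object fromLenient = lenientMapper().readValue(TYPED_JSON, Object.class);
        System.out.println("lenient mapper instantiated: " + fromLenient.getClass().getName());
        try {
            hardenedMapper().readValue(TYPED_JSON, Object.class);
        } catch (InvalidTypeIdException e) {
            // Denied by the validator by name, before loading or construction.
            System.out.println("hardened mapper rejected type id: " + e.getTypeId());
        }

        // Kryo: a stream written by the lenient instance carries an
        // unregistered class by name; the strict reader refuses it.
        Output out = new Output(1024, -1);
        lenientKryo().writeClassAndObject(out, new HashMap<String, String>());
        out.close();
        try {
            hardenedKryo().readClassAndObject(new Input(out.toBytes()));
        } catch (IllegalArgumentException e) {
            System.out.println("hardened kryo: " + e.getMessage()); // "Class is not registered: java.util.HashMap"
        }

        // Registered application types still round-trip under the strict setup.
        Invoice inv = new Invoice();
        inv.id = "INV-1";
        inv.amountCents = 1250;
        Output ok = new Output(1024, -1);
        hardenedKryo().writeClassAndObject(ok, inv);
        ok.close();
        Invoice back = (Invoice) hardenedKryo().readClassAndObject(new Input(ok.toBytes()));
        System.out.println("strict kryo round-trip: " + back.id + " " + back.amountCents);
    }
}
```

For the Oracle product itself the remediation is the vendor's patched release; the configuration above is what teams embedding the same libraries should check in their own code, because the fixed library versions (jackson-databind 2.9.10.6 and later) still let an application opt back into unvalidated default typing.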