Lucene search

Financial Services Crime And Compliance Management Studio Security Vulnerabilities

cve

CVE-2022-22976

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The...

5.3CVSS

7.1AI Score

0.002EPSS

2022-05-19 03:15 PM

129

cve

CVE-2022-22978

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...

9.8CVSS

9.2AI Score

0.009EPSS

2022-05-19 03:15 PM

212

cve

CVE-2022-22971

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated...

6.5CVSS

6.2AI Score

0.006EPSS

2022-05-12 08:15 PM

1025

cve

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model...

5.3CVSS

5.7AI Score

0.004EPSS

2022-05-12 08:15 PM

272

cve

CVE-2022-25647

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS...

7.5CVSS

7.4AI Score

0.002EPSS

2022-05-01 04:15 PM

406

cve

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested...

7.5CVSS

7.6AI Score

0.002EPSS

2022-03-11 07:15 AM

338

cve

CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template...

7.2CVSS

7.4AI Score

0.006EPSS

2021-02-15 01:15 PM

238

cve

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd...

5.3CVSS

6AI Score

0.002EPSS

2021-02-15 11:15 AM

165

cve

CVE-2020-9492

In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper...

8.8CVSS

9AI Score

0.02EPSS

2021-01-26 06:16 PM

cve

CVE-2020-7712

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup...

7.2CVSS

8.2AI Score

0.016EPSS

2020-08-30 08:15 AM