Lucene search
+L
OracleBanking Trade Finance

20 matches found

CVE
CVE
added 2021/12/18 11:55 a.m.1191 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/07/14 6:20 a.m.587 views

CVE-2021-36374

CVE-2021-36374 affects Apache Ant and causes denial of service via memory allocation when parsing specially crafted ZIP-based archives (and derived formats such as JARs and certain Office files). The vulnerability stems from how Ant reads these archives, enabling large memory use and out-of-memor...

5.5CVSS6.2AI score0.0262EPSS
CVE
CVE
added 2021/08/18 3:10 p.m.544 views

CVE-2021-37714

CVE-2021-37714 affects jsoup (Java HTML parser) versions prior to 1.14.2. When parsing untrusted HTML/XML, the parser may loop, slow down, or throw exceptions, enabling a denial-of-service condition. A fix is available in jsoup 1.14.2. Workarounds include rate-limiting parsing input, capping inpu...

7.5CVSS7.3AI score0.06873EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.403 views

CVE-2021-36090

CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...

7.5CVSS7.5AI score0.12945EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.327 views

CVE-2021-35515

CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...

7.5CVSS7.2AI score0.11567EPSS
CVE
CVE
added 2021/07/12 12:10 p.m.326 views

CVE-2021-30129

CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...

6.5CVSS6.9AI score0.03394EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.321 views

CVE-2021-35517

CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...

7.5CVSS7.5AI score0.10614EPSS
CVE
CVE
added 2021/07/14 6:20 a.m.303 views

CVE-2021-36373

CVE-2021-36373 is a denial-of-service in Apache Ant caused by reading a specially crafted TAR archive that can exhaust memory, leading to OOM during builds. The initial description notes that Ant versions affected include 1.9.16 and 1.10.11 and that a memory exhaustion can disrupt builds. Connect...

5.5CVSS6.1AI score0.02511EPSS
CVE
CVE
added 2021/06/12 9:45 a.m.198 views

CVE-2021-31811

CVE-2021-31811: Apache PDFBox 2.0.23 and earlier is vulnerable to an OutOfMemoryError when loading a crafted PDF. IBM/QRadar advisories confirm the issue and recommend upgrading PDFBox to v2.0.24 (via PJ46568 iFix/FIXPACK) or newer.

5.5CVSS5.6AI score0.03445EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.93 views

CVE-2022-21586

CVE-2022-21586 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, specifically version 14.5. The issue is exploitable with network access via HTTP by a low-privilege attacker and requires user interaction; successful attacks can lead to unauthorized c...

6.4CVSS6.4AI score0.00525EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.90 views

CVE-2022-21581

CVE-2022-21581 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, version 14.5. The vulnerability can be triggered by a low-privilege user with network access via HTTP, and exploitation requires user interaction. Successful attacks may lead to unautho...

5.9CVSS5.8AI score0.0051EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.79 views

CVE-2022-21584

Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, affected version 14.5, is vulnerable due to what appears to be a design/logic issue. The CVE-2022-21584 entry notes network access via HTTP with low privileges and required user interaction, potentially allow...

6.4CVSS6.4AI score0.00617EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.74 views

CVE-2022-21583

Technical details about CVE-2022-21583 are not publicly available in the provided connected documents. Please monitor for updates from Oracle and security advisories for affected versions, impact, and fixes.

6.4CVSS6.4AI score0.00564EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.68 views

CVE-2022-21582

CVE-2022-21582 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, version 14.5. The vulnerability allows a low-privileged attacker with network access via HTTP to potentially access or modify critical data and cause partial DOS, with user interaction ...

6.7CVSS6.5AI score0.00612EPSS
CVE
CVE
added 2022/07/19 9:8 p.m.67 views

CVE-2022-21585

CVE-2022-21585 affects Oracle Banking Trade Finance (Oracle Financial Services Applications), component Infrastructure, with vulnerable version 14.5. The vulnerability permits a low-privilege, network-accessible attacker (HTTP) to compromise data integrity/confidentiality and cause partial denial...

6.7CVSS6.3AI score0.00612EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.60 views

CVE-2023-22122

Oracle Banking Trade Finance (Infrastructure component) in Oracle Financial Services Applications, versions 14.5–14.7, is affected. The root cause is insufficient input validation in the Infrastructure layer, allowing a low-privileged attacker with HTTP network access to compromise the system, wi...

5.9CVSS5.7AI score0.00322EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.57 views

CVE-2023-22121

Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications is affected for versions 14.5–14.7. The vulnerability allows an unauthenticated attacker with network access via HTTP, after user interaction, to modify or read data (unauthorized update/insert/delete and read...

5.4CVSS4.8AI score0.00341EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.52 views

CVE-2023-22124

CVE-2023-22124 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, specifically versions 14.5–14.7. The issue stems from insufficient input validation in the Infrastructure component, enabling a low-privileged attacker who can reach the system over HTT...

5.4CVSS5AI score0.00321EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.50 views

CVE-2023-22123

CVE-2023-22123 affects Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications, specifically versions 14.5–14.7. Root cause: insufficient input validation allowing a low-privileged attacker with network access via HTTP to compromise the system. Impact includes unau...

5.4CVSS5AI score0.00321EPSS
CVE
CVE
added 2023/10/17 9:3 p.m.48 views

CVE-2023-22125

Oracle Banking Trade Finance (Infrastructure) in Oracle Financial Services Applications is affected for versions 14.5–14.7. The vulnerability arises from insufficient input validation, enabling a remote attacker with network access over HTTP and low privileges to access data with read, update, in...

5.4CVSS5AI score0.00321EPSS