Latest Oracle Financial Services Crime and Compliance Management Studio Vulnerabilities

A flaw was found in Spring Security (the affected versions listed below are Spring Security releases, not Spring Framework). When the BCrypt class is used with the maximum work factor (31), the encoder performs no salt rounds at all: the round count 2^31 is computed in 32-bit signed integer arithmetic and overflows to a negative value, so the key-schedule loop never runs.
redhat/jenkins<0:2.401.1.1686831596-3.el8
redhat/spring-security<5.5.7
redhat/spring-security<5.6.4
redhat/spring-security<5.7.0
Vmware Spring Security<5.5.7
Vmware Spring Security>=5.6.0<5.6.4
and 5 more
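The following is an added example, not code from Spring Security or jBCrypt. JavaScript bitwise shifts operate on signed 32-bit integers, exactly like Java's `int`, so the arithmetic behind the entry above can be reproduced directly; the hardened variant and the rehash rule are this example's own assumptions, and the sample hash is constructed, not a real digest.

```javascript
// Added example (not Spring Security's or jBCrypt's code). JavaScript bitwise
// shifts operate on signed 32-bit integers, exactly like Java's `int`, so the
// arithmetic in the vulnerable encoder can be reproduced here directly.

// Round count as the vulnerable code computes it: 1 << cost in 32-bit signed
// arithmetic. For cost 31 the result wraps to -2147483648.
function saltRoundsInt32(cost) {
  return 1 << cost;
}

// How many key-schedule iterations a loop of the form
// `for (i = 0; i < rounds; i++)` runs with that bound: none once it is negative.
function iterationsRun(cost) {
  const rounds = saltRoundsInt32(cost);
  return rounds > 0 ? rounds : 0;
}

// Hardened version (an assumption for this example, not the upstream patch
// verbatim): validate the cost against BCrypt's documented 4..31 range and do
// the arithmetic in 64 bits (BigInt here, `long` in Java) so 2^31 is exact.
function saltRoundsSafe(cost) {
  if (!Number.isInteger(cost) || cost < 4 || cost > 31) {
    throw new RangeError("BCrypt cost must be between 4 and 31, got " + cost);
  }
  return 2n ** BigInt(cost);
}

// Triage helper: read the cost from a bcrypt hash in modular-crypt format
// ($2a$, $2b$ or $2y$ prefix, two-digit cost, then 22 salt + 31 hash chars).
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

function bcryptCost(hash) {
  const m = BCRYPT_RE.exec(hash);
  return m === null ? null : Number(m[1]);
}

// A stored hash with cost 31 written by an affected version was produced with
// zero expensive rounds and should be rehashed the next time the password is
// verified successfully.
function needsRehash(hash) {
  return bcryptCost(hash) === 31;
}

// Constructed sample hash (not a real password digest): valid format, cost 31.
const SAMPLE_COST31_HASH =
  "$2a$31$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0";
```

The practical follow-up after upgrading is to scan stored credentials with `bcryptCost` and schedule a rehash for any cost-31 entries, since those digests are far cheaper to brute-force than their cost field suggests.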
A flaw was found in Spring Security. RegexRequestMatcher can easily be misconfigured so that it is bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular express...
redhat/jenkins<0:2.387.3.1684911776-3.el8
redhat/spring-security<5.5.7
redhat/spring-security<5.6.4
redhat/spring-security<5.7.0
Vmware Spring Security<5.5.7
Vmware Spring Security>=5.6.0<5.6.4
and 5 more
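An added example, not Spring Security code, of why `.` in a request-path regex is the misconfiguration the entry above refers to. JavaScript's `.` excludes line terminators by default, as Java's java.util.regex does, and the `s` flag corresponds to Java's Pattern.DOTALL. Whether a percent-encoded line feed actually reaches the matcher decoded depends on the servlet container, which is why the summary says "some servlet containers". The paths and matcher names below are constructed for this example.

```javascript
// Added example (not Spring Security's RegexRequestMatcher). Models a rule
// meant to protect everything under /admin/ and shows how `.` fails on a
// path containing a line feed.

// The misconfiguration: `.` does not match "\n", so a path with an embedded
// line feed falls outside the rule.
const ADMIN_DOT = /^\/admin\/.*$/;

// Same pattern with the `s` (dotAll) flag, the JavaScript equivalent of
// Java's Pattern.DOTALL: `.` now also matches line terminators.
const ADMIN_DOTALL = /^\/admin\/.*$/s;

// A prefix match that never uses `.`, so it cannot be split by a terminator.
function matchesAdminPrefix(path) {
  return path === "/admin" || path.startsWith("/admin/");
}

// Percent-decode the raw request target the way a container does before the
// security filter sees it, so %0A becomes an actual line feed character.
function decodePath(rawPath) {
  return decodeURIComponent(rawPath);
}

// Run one decoded path through all three matchers. A `false` for a path that
// really is under /admin/ means this rule would not fire and the request would
// fall through to whatever weaker rule (or none) comes next in the chain.
function evaluate(rawPath) {
  const path = decodePath(rawPath);
  return {
    dot: ADMIN_DOT.test(path),
    dotAll: ADMIN_DOTALL.test(path),
    prefix: matchesAdminPrefix(path),
  };
}

// Constructed request targets; the second carries a percent-encoded LF.
const NORMAL = "/admin/users";
const WITH_LF = "/admin/%0Ausers";
```

The fix on the Spring Security side enables DOTALL for the matcher's pattern; on the application side, preferring path-prefix or MVC matchers over hand-written regexes removes the class of mistake entirely.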
A flaw was found in Spring Framework. Applications that handle file uploads are vulnerable to a denial of service (DoS) attack if they rely on data binding to set a MultipartFile or javax.servlet.Part...
redhat/springframework<5.3.20
redhat/springframework<5.2.22
maven/org.springframework:spring-beans>=5.3.0<5.3.20
maven/org.springframework:spring-beans<=5.2.21.RELEASE
VMware Spring Framework<=5.2.21
VMware Spring Framework>=5.3.0<=5.3.19
and 8 more
A flaw was found in Spring Framework. Applications that use STOMP over a WebSocket endpoint are vulnerable to a denial of service attack by an authenticated user.
redhat/springframework<5.3.20
redhat/springframework<5.2.22
maven/org.springframework:spring-messaging<=5.2.21.RELEASE
maven/org.springframework:spring-messaging>=5.3.0<5.3.20
VMware Spring Framework>=5.2.0<=5.2.21
VMware Spring Framework>=5.3.0<=5.3.19
and 4 more
The fix for CVE-2021-21290 was incomplete; this issue covers the remaining flaw in Netty. When using multipart decoders in Netty, local information disclosure can occur via the local system temporary di...
redhat/eap7-netty<0:4.1.77-1.Final_redhat_00001.1.el8ea
redhat/eap7<0:1-18.el9ea
redhat/eap7-activemq-artemis<0:2.16.0-9.redhat_00042.1.el9ea
redhat/eap7-activemq-artemis-native<1:1.0.2-1.redhat_00001.1.el9ea
redhat/eap7-aesh-extensions<0:1.8.0-1.redhat_00001.1.el9ea
redhat/eap7-aesh-readline<0:2.2.0-1.redhat_00001.1.el9ea
and 191 more
A flaw was found in gson, which is vulnerable to deserialization of untrusted data via the writeReplace() method in internal classes. This issue may lead to denial of service (availability) attacks.
redhat/jenkins<2-plugins-0:4.13.1684911916-1.el8
redhat/eap7-gson<0:2.8.9-1.redhat_00001.1.el8ea
redhat/eap7<0:1-18.el9ea
redhat/eap7-activemq-artemis<0:2.16.0-9.redhat_00042.1.el9ea
redhat/eap7-activemq-artemis-native<1:1.0.2-1.redhat_00001.1.el9ea
redhat/eap7-aesh-extensions<0:1.8.0-1.redhat_00001.1.el9ea
and 203 more
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication proto...
Apache Spark<3.1.3
Oracle Financial Services Crime And Compliance Management Studio=8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio=8.0.8.3.0
pip/pyspark<3.1.3
maven/org.apache.spark:spark-core<3.1.3
The fix for CVE-2020-9484 introduced a time-of-check/time-of-use (TOCTOU) vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed ...
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el7
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el8
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el9
debian/tomcat9<=9.0.31-1~deb10u6
Apache Tomcat>=8.5.55<=8.5.73
Apache Tomcat>=9.0.35<=9.0.56
and 24 more
Apache Xerces2 Java XML Parser is vulnerable to a denial of service caused by an infinite loop in the XML parser. By persuading a victim to open a specially crafted XML document, a remote at...
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el8ea
redhat/eap7-xerces-j2<0:2.12.0-3.SP04_redhat_00001.1.el7ea
IBM Sterling Secure Proxy<=6.0.3
redhat/xerces-j2<2.12.2
Apache Xerces-j<=2.12.1
Oracle Agile Engineering Data Management=6.2.1.0
and 56 more
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, ...
redhat/eap7-apache-cxf<0:3.3.12-1.redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.5.3-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-3.redhat_00007.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.43-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.2-10.Final_redhat_00011.1.el6ea
redhat/eap7-jsoup<0:1.14.2-1.redhat_00002.1.el6ea
and 55 more
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security co...
redhat/jetty<9.4.43
redhat/jetty<10.0.6
redhat/jetty<11.0.6
Eclipse Jetty>=9.4.37<9.4.43
Eclipse Jetty>=10.0.1<10.0.6
Eclipse Jetty>=11.0.1<11.0.6
and 19 more
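An added example, not Jetty's code and not its patch: a defence-in-depth check that a filter can run on the raw request target before the container's own resource lookup. It percent-decodes repeatedly to catch double encoding, strips `;` path parameters from each segment as servlet containers do, resolves `.` and `..`, and then denies any path with a WEB-INF or META-INF segment, compared case-insensitively. The sample targets are constructed for this example and are not the encoded strings from the Jetty advisory.

```javascript
// Added example (not Jetty's code): decode, normalise, then deny protected
// directories. Treating %2F as a separator is deliberately conservative.

const PROTECTED = new Set(["web-inf", "meta-inf"]);

// Decode until the string stops changing, bounded so crafted input cannot
// keep the loop busy. Returns null for malformed or still-changing input.
function fullyDecode(raw, maxPasses = 3) {
  let current = raw;
  for (let i = 0; i < maxPasses; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      return null; // malformed escape sequence: reject
    }
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after maxPasses: suspicious, reject
}

// Strip ;params from each segment, resolve dot segments, drop empty ones.
// Returns null if the path would climb above the context root.
function normalizePath(decoded) {
  const out = [];
  for (const rawSeg of decoded.split("/")) {
    const seg = rawSeg.split(";")[0];
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null;
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Verdict for one raw request target (query string ignored).
function checkRequestPath(rawTarget) {
  const pathOnly = rawTarget.split("?")[0];
  const decoded = fullyDecode(pathOnly);
  if (decoded === null) return { verdict: "deny", reason: "undecodable" };
  if (decoded.includes("\0")) return { verdict: "deny", reason: "nul byte" };
  const normalized = normalizePath(decoded);
  if (normalized === null) return { verdict: "deny", reason: "escapes root" };
  const hit = normalized.split("/").some((s) => PROTECTED.has(s.toLowerCase()));
  if (hit) return { verdict: "deny", reason: "protected directory", path: normalized };
  return { verdict: "allow", path: normalized };
}

// Constructed test targets (not the advisory's bypass strings).
const SAMPLE_TARGETS = [
  "/index.html",
  "/WEB-INF/web.xml",
  "/%57EB-INF/web.xml",
  "/%2557EB-INF/web.xml",
  "/static/..%2FWEB-INF/web.xml",
  "/WEB-INF;x=1/web.xml",
];
```

A check like this is a safety net, not a substitute for the Jetty upgrade: the container's own path handling still decides what it serves, and the two must agree on what a segment is.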
A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
IBM Cloud Pak System<=V2.3.0 - V2.3.3.3 Interim Fix 1
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.0<1.21
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 69 more
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allo...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.6<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 43 more
A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This fla...
redhat/apache-commons-compress<0:1.21-1.2.el8e
redhat/apache-commons-compress<1.21
Apache Commons Compress>=1.1<=1.20
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
and 50 more
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
redhat/cockpit-ovirt<0:0.15.1-2.el8e
redhat/ovirt-engine-ui-extensions<0:1.2.6-1.el8e
redhat/ovirt-web-ui<0:1.6.9-1.el8e
redhat/nodejs-lodash<4.17.21
npm/lodash-template<=1.0.0
npm/lodash.template<=4.5.0
and 50 more
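An added example, not lodash's source: a stripped-down model of the pattern behind the entry above, a template compiler that splices its `variable` option into generated JavaScript source unchecked, next to a guarded version that accepts only a plain identifier. The mini template syntax, function names, and the payload string are this example's own constructions; the identifier check is an assumption standing in for lodash's actual validation in 4.17.21.

```javascript
// Added example (not lodash's code): untrusted `variable` option reaching
// new Function(), and the guard that stops it.

// Vulnerable pattern: `variable` should be the identifier naming the data
// object, but it is concatenated straight into the function source.
function compileUnsafe(text, { variable = "obj" } = {}) {
  const body = "'" + text
    .replace(/\\/g, "\\\\")
    .replace(/'/g, "\\'")
    .replace(/<%=([\s\S]+?)%>/g, "' + ($1) + '") + "'";
  const source = "function(" + variable + ") { return " + body + "; }";
  return new Function("return " + source)();
}

// Guarded version (an assumption, not lodash's exact check): only a plain
// identifier is accepted, so no `)`, `;`, `{` or whitespace can reach source.
const IDENTIFIER = /^[A-Za-z_$][\w$]*$/;
function compileSafe(text, options = {}) {
  const variable = options.variable === undefined ? "obj" : options.variable;
  if (!IDENTIFIER.test(variable)) {
    throw new TypeError("invalid `variable` option: " + variable);
  }
  return compileUnsafe(text, { variable });
}

// Constructed payload: closes the parameter list, injects a statement, then
// opens a named function so the rest of the generated source still parses.
const PAYLOAD = "){ globalThis.templateInjected = true }; function f(obj";

// Compiling with the payload returns the injected function; calling the
// "template" runs attacker code instead of rendering.
function demoUnsafe() {
  globalThis.templateInjected = false;
  compileUnsafe("<%= obj.name %>", { variable: PAYLOAD })({ name: "x" });
  return globalThis.templateInjected;
}

function demoSafe() {
  try {
    compileSafe("<%= obj.name %>", { variable: PAYLOAD });
    return "compiled";
  } catch (e) {
    return e instanceof TypeError ? "rejected" : "other";
  }
}

// Legitimate use of the option still works with the guard in place.
function renderSafe() {
  return compileSafe("Hello <%= user.name %>", { variable: "user" })({ name: "alice" });
}
```

The lesson generalises: any option that ends up inside `new Function` or `eval` source is code, not data, and must be validated as an identifier (or removed) rather than escaped as a string.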
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.
redhat/cockpit-ovirt<0:0.15.1-2.el8e
redhat/ovirt-engine-ui-extensions<0:1.2.6-1.el8e
redhat/ovirt-web-ui<0:1.6.9-1.el8e
npm/lodash.trim<=4.5.1
npm/lodash.trimend<=4.5.1
npm/lodash-es<4.17.21
and 44 more
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
redhat/hadoop<3.2.2
redhat/hadoop<3.1.4
redhat/hadoop<2.10.1
Apache Hadoop>=2.0.0<=2.10.0
Apache Hadoop>=3.0.0<=3.1.3
Apache Hadoop>=3.2.0<=3.2.1
and 4 more
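An added example, not Hadoop's WebHDFS client code and not its patch: the general rule the entry above is about, that a credential such as a SPNEGO Authorization header is forwarded only to redirect targets on the origin it was obtained for. The redirect chain is a constructed table standing in for HTTP responses, so nothing is fetched; host names and the token string are made up for the example.

```javascript
// Added example (not Hadoop's code): credentials follow redirects only while
// the scheme and host:port stay the same as the origin that issued them.

function sameOrigin(a, b) {
  const ua = new URL(a);
  const ub = new URL(b);
  return ua.protocol === ub.protocol && ua.host === ub.host; // host includes port
}

// Headers to send to `targetUrl` given where the chain started.
function headersFor(originUrl, targetUrl, authHeader) {
  const headers = { Accept: "application/json" };
  if (sameOrigin(originUrl, targetUrl)) headers.Authorization = authHeader;
  return headers;
}

// Simulated client. `responses` maps an absolute URL to { status, location }.
// Returns every hop with whether the Authorization header went out on it.
function followRedirects(startUrl, responses, authHeader, maxHops = 5) {
  const hops = [];
  let url = startUrl;
  for (let i = 0; i < maxHops; i++) {
    const headers = headersFor(startUrl, url, authHeader);
    hops.push({ url, sentAuth: "Authorization" in headers });
    const resp = responses[url];
    if (!resp) throw new Error("no response scripted for " + url);
    if (resp.status < 300 || resp.status >= 400) return hops;
    url = new URL(resp.location, url).toString();
  }
  throw new Error("too many redirects");
}

// Constructed scenario: one same-origin redirect, then a redirect to a
// different host. Only the first two hops should carry the header.
const TOKEN = "Negotiate constructed-token-for-example";
const START = "https://namenode.example:9871/webhdfs/v1/data?op=OPEN";
const SCENARIO = {
  [START]: {
    status: 307,
    location: "https://namenode.example:9871/webhdfs/v1/data?op=OPEN&redirected=1",
  },
  "https://namenode.example:9871/webhdfs/v1/data?op=OPEN&redirected=1": {
    status: 307,
    location: "https://datanode1.example:9865/webhdfs/v1/data?op=OPEN",
  },
  "https://datanode1.example:9865/webhdfs/v1/data?op=OPEN": { status: 200 },
};

function runScenario() {
  return followRedirects(START, SCENARIO, TOKEN).map((h) => h.sentAuth);
}
```

The same rule applies to cookies, bearer tokens and basic-auth credentials in any HTTP client that follows redirects automatically; most libraries strip them on a host change, but hand-rolled clients often do not.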
This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function.
maven/org.webjars.npm:json<=9.0.6
npm/json<10.0.0
Joyent Json Node.js<10.0.0
Oracle Commerce Guided Search=11.3.2
Oracle Financial Services Crime And Compliance Management Studio=8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio=8.0.8.3.0
and 2 more
A flaw was found in the Jackson Databind package. Parsing input with a very large depth of nested objects triggers a Java StackOverflowError, resulting in a denial of service.
debian/jackson-databind<=2.9.8-3+deb10u3
redhat/jackson-databind<0:2.14.1-2.el9
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.6.1-1.redhat_00003.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.8-1.redhat_00001.1.el8
and 88 more

© 2024 SecAlerts Pty Ltd.