Banking_enterprise_default_management - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Banking_enterprise_default_management
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	37

Date	Id	Summary	Products	Score	Patch	Annotated
2021-03-23	CVE-2021-21347	XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have...	Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server, Xstream	9.8
2021-03-23	CVE-2021-21348	XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.	Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Mysql_server, Retail_xstore_point_of_service, Webcenter_portal, Xstream	7.5
2021-03-23	CVE-2021-21349	XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security...	Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Graalvm, Java_se, Retail_xstore_point_of_service, Webcenter_portal, Xstream	8.6
2021-03-23	CVE-2021-21350	XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.	Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server, Xstream	9.8
2021-03-23	CVE-2021-21351	XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to...	Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Mysql_server, Retail_xstore_point_of_service, Webcenter_portal, Xstream	9.1
2020-03-07	CVE-2020-9281	A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).	Ckeditor, Drupal, Fedora, Agile_plm, Application_express, Banking_enterprise_default_management, Banking_enterprise_default_managment, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Siebel_apps_\-_customer_order_management, Webcenter_portal	6.1
2021-03-10	CVE-2020-13936	An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.	Velocity_engine, Wss4j, Debian_linux, Banking_deposits_and_lines_of_credit_servicing, Banking_enterprise_default_management, Banking_loans_servicing, Banking_party_management, Banking_platform, Communications_cloud_native_core_policy, Communications_network_integrity, Hospitality_token_proxy_service, Retail_integration_bus, Retail_order_broker, Retail_service_backbone, Retail_xstore_office_cloud_service, Utilities_testing_accelerator	8.8
2021-04-13	CVE-2021-29425	In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.	Commons_io, Debian_linux, Active_iq_unified_manager, Access_manager, Agile_engineering_data_management, Agile_plm, Application_performance_management, Application_testing_suite, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_party_management, Banking_platform, Blockchain_platform, Commerce_guided_search, Communications_application_session_controller, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_design_studio, Communications_diameter_intelligence_hub, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_order_and_service_management, Communications_policy_management, Communications_pricing_design_center, Communications_service_broker, Enterprise_communications_broker, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_core_banking, Fusion_middleware_mapviewer, Health_sciences_data_management_workbench, Health_sciences_information_manager, Healthcare_data_repository, Helidon, Insurance_policy_administration, Insurance_rules_palette, Oss_support_tools, Primavera_unifier, Real_user_experience_insight, Rest_data_services, Retail_assortment_planning, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_pricing, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Solaris_cluster, Utilities_testing_accelerator, Webcenter_portal, Weblogic_server	4.8
2021-06-02	CVE-2020-6950	Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.	Mojarra, Banking_enterprise_default_management, Banking_platform, Communications_network_integrity, Communications_pricing_design_center, Hyperion_calculation_manager, Retail_merchandising_system, Solaris_cluster, Time_and_labor	6.5
2021-07-13	CVE-2021-35515	When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.	Commons_compress, Active_iq_unified_manager, Oncommand_insight, Banking_digital_experience, Banking_enterprise_default_management, Banking_party_management, Banking_payments, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Commerce_guided_search, Communications_billing_and_revenue_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_messaging_server, Communications_session_route_manager, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Healthcare_data_repository, Insurance_policy_administration, Peoplesoft_enterprise_peopletools, Primavera_unifier, Utilities_testing_accelerator	7.5