Product:

Banking_treasury_management

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 29
Date Id Summary Products Score Patch Annotated
2020-10-01 CVE-2020-11979 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Ant, Fedora, Gradle, Agile_engineering_data_management, Api_gateway, Banking_platform, Banking_treasury_management, Communications_unified_inventory_management, Data_integrator, Endeca_information_discovery_studio, Enterprise_repository, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Primavera_gateway, Primavera_unifier, Real\-Time_decision_server, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_category_management_planning_\&_optimization, Retail_eftlink, Retail_financial_integration, Retail_integration_bus, Retail_item_planning, Retail_macro_space_optimization, Retail_merchandise_financial_planning, Retail_merchandising_system, Retail_predictive_application_server, Retail_regular_price_optimization, Retail_replenishment_optimization, Retail_service_backbone, Retail_size_profile_optimization, Retail_store_inventory_management, Retail_xstore_point_of_service, Storagetek_acsls, Storagetek_tape_analytics, Timesten_in\-Memory_database, Utilities_framework 7.5
2020-12-03 CVE-2020-25649 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. Iotdb, Jackson\-Databind, Fedora, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Agile_plm, Agile_product_lifecycle_management_integration_pack, Banking_apis, Banking_platform, Banking_treasury_management, Blockchain_platform, Coherence, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_unified_inventory_management, Goldengate_application_adapters, Health_sciences_empirica_signal, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Retail_service_backbone, Retail_xstore_point_of_service, Sd\-Wan_edge, Utilities_framework, Webcenter_portal, Quarkus 7.5
2020-12-27 CVE-2020-35728 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). Debian_linux, Jackson\-Databind, Service_level_manager, Agile_plm, Application_testing_suite, Autovue, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_extensibility_workbench, Banking_supply_chain_finance, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_diameter_signaling_route, Communications_element_manager, Communications_evolved_communications_application_server, Communications_network_charging_and_control, Communications_policy_management, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Data_integrator, Goldengate_application_adapters, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal 8.1
2021-01-07 CVE-2020-36179 FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. Debian_linux, Jackson\-Databind, Cloud_backup, Service_level_manager, Agile_plm, Application_testing_suite, Autovue_for_agile_product_lifecycle_management, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_treasury_management, Banking_virtual_account_management, Blockchain_platform, Commerce_platform, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergent_charging_controller, Communications_diameter_signaling_route, Communications_element_manager, Communications_evolved_communications_application_server, Communications_instant_messaging_server, Communications_network_charging_and_control, Communications_offline_mediation_controller, Communications_policy_management, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Data_integrator, Goldengate_application_adapters, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Primavera_gateway, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_service_backbone, Retail_xstore_point_of_service, Webcenter_portal 8.1
2021-03-19 CVE-2021-27807 A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Pdfbox, Fedora, Banking_trade_finance_process_management, Banking_treasury_management, Banking_virtual_account_management, Communications_messaging_server, Communications_session_report_manager, Flexcube_universal_banking, Hyperion_financial_reporting, Hyperion_infrastructure_technology, Outside_in_technology, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Webcenter_sites 5.5
2021-03-19 CVE-2021-27906 A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Pdfbox, Fedora, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Banking_treasury_management, Banking_virtual_account_management, Communications_messaging_server, Communications_session_report_manager, Flexcube_universal_banking, Hyperion_financial_reporting, Hyperion_infrastructure_technology, Outside_in_technology, Peoplesoft_enterprise_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_xstore_point_of_service, Webcenter_sites 5.5
2021-06-12 CVE-2021-31811 In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. Pdfbox, Fedora, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance, Banking_treasury_management, Communications_messaging_server, Flexcube_universal_banking, Outside_in_technology, Primavera_unifier, Retail_customer_management_and_segmentation_foundation 5.5
2021-07-12 CVE-2021-30129 A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0 Sshd, Banking_payments, Banking_trade_finance, Banking_treasury_management, Communications_cloud_native_core_console, Flexcube_universal_banking, Middleware_common_libraries_and_tools, Oss_support_tools, Retail_customer_management_and_segmentation_foundation 6.5
2021-07-13 CVE-2021-35515 When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. Commons_compress, Active_iq_unified_manager, Oncommand_insight, Banking_digital_experience, Banking_enterprise_default_management, Banking_party_management, Banking_payments, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Commerce_guided_search, Communications_billing_and_revenue_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_messaging_server, Communications_session_route_manager, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Healthcare_data_repository, Insurance_policy_administration, Peoplesoft_enterprise_peopletools, Primavera_unifier, Utilities_testing_accelerator 7.5
2021-07-13 CVE-2021-35517 When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. Commons_compress, Active_iq_unified_manager, Oncommand_insight, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_party_management, Banking_payments, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Commerce_guided_search, Communications_billing_and_revenue_management, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_messaging_server, Communications_session_route_manager, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Healthcare_data_repository, Insurance_policy_administration, Peoplesoft_enterprise_peopletools, Primavera_unifier, Utilities_testing_accelerator, Webcenter_portal 7.5