Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Banking_trade_finance_process_management
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-01 | CVE-2021-41973 | In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater. | Mina, Banking_payments, Banking_trade_finance_process_management, Banking_treasury_management, Communications_cloud_native_core_console, Customer_management_and_segmentation_foundation, Flexcube_universal_banking, Fusion_middleware_common_libraries_and_tools, Oss_support_tools | 6.5 | ||
| 2022-04-19 | CVE-2022-21474 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or... | Banking_trade_finance_process_management | N/A | ||
| 2019-04-17 | CVE-2019-0228 | Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF. | James, Pdfbox, Fedora, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_supply_chain_finance, Banking_trade_finance_process_management, Banking_virtual_account_management, Communications_messaging_server, Communications_session_report_manager, Hyperion_financial_reporting, Peoplesoft_enterprise_peopletools, Retail_xstore_point_of_service, Webcenter_sites | 9.8 | ||
| 2020-01-14 | CVE-2019-12399 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. | Kafka, Banking_corporate_lending_process_management, Banking_credit_facilities_process_management, Banking_liquidity_management, Banking_payments, Banking_platform, Banking_supply_chain_finance, Banking_trade_finance_process_management, Banking_virtual_account_management, Blockchain_platform, Communications_cloud_native_core_policy, Financial_services_analytical_applications_infrastructure, Flexcube_universal_banking | 7.5 |