Oracle

Banking Extensibility Workbench

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2021-23337

Exploit
  • EPSS 0.86%
  • Published 15.02.2021 13:15:12
  • Last modified 21.11.2024 05:51:31

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

5.3

CVE-2020-28500

Exploit
  • EPSS 0.2%
  • Published 15.02.2021 11:15:12
  • Last modified 21.11.2024 05:22:55

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

8.1

CVE-2020-36183

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:15
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

8.1

CVE-2020-36182

Exploit
  • EPSS 2.51%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:55

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-36180

Exploit
  • EPSS 2.72%
  • Published 07.01.2021 00:15:14
  • Last modified 21.11.2024 05:28:54

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

8.1

CVE-2020-36184

Exploit
  • EPSS 5.95%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

8.1

CVE-2020-36188

Exploit
  • EPSS 8.16%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.

8.1

CVE-2020-36187

Exploit
  • EPSS 2.41%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:57

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

8.1

CVE-2020-36186

Exploit
  • EPSS 2.62%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

8.1

CVE-2020-36185

Exploit
  • EPSS 2.32%
  • Published 06.01.2021 23:15:13
  • Last modified 21.11.2024 05:28:56

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.