Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Flexcube Private Banking Security Vulnerabilities

cve
cve

CVE-2020-11979

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...

7.5CVSS

6.4AI Score

0.002EPSS

2020-10-01 08:15 PM
217
3
cve
cve

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack:...

9.8CVSS

9.6AI Score

0.006EPSS

2020-09-10 07:15 PM
56
5
cve
cve

CVE-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS

5.8AI Score

0.003EPSS

2020-09-10 07:15 PM
92
3
cve
cve

CVE-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a...

6.1CVSS

6.4AI Score

0.003EPSS

2020-05-14 05:15 PM
91
4
cve
cve

CVE-2020-11973

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to...

9.8CVSS

9.2AI Score

0.014EPSS

2020-05-14 05:15 PM
66
3
cve
cve

CVE-2020-11972

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to...

9.8CVSS

9.2AI Score

0.008EPSS

2020-05-14 05:15 PM
71
cve
cve

CVE-2020-11971

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to...

7.5CVSS

8.1AI Score

0.001EPSS

2020-05-14 05:15 PM
87
3
cve
cve

CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...

6.3CVSS

6.3AI Score

0.001EPSS

2020-05-14 04:15 PM
348
5
cve
cve

CVE-2020-1951

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions...

5.5CVSS

5.5AI Score

0.001EPSS

2020-03-23 02:15 PM
65
2
cve
cve

CVE-2019-12406

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and.....

6.5CVSS

6.6AI Score

0.016EPSS

2019-11-06 09:15 PM
151
15
cve
cve

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE)...

5.5CVSS

5.9AI Score

0.001EPSS

2019-10-23 08:15 PM
163
5
cve
cve

CVE-2019-17359

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in...

7.5CVSS

8.1AI Score

0.006EPSS

2019-10-08 02:15 PM
136
2
cve
cve

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job...

9.8CVSS

9.1AI Score

0.008EPSS

2019-07-26 07:15 PM
452
2
cve
cve

CVE-2019-5427

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading...

7.5CVSS

8.2AI Score

0.025EPSS

2019-04-22 09:29 PM
116
cve
cve

CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization)....

5.9CVSS

5.9AI Score

0.011EPSS

2018-04-26 09:29 PM
416
4
cve
cve

CVE-2016-8298

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network...

8.1CVSS

7.7AI Score

0.001EPSS

2017-01-27 10:59 PM
17
cve
cve

CVE-2016-5493

Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown...

4.2CVSS

7.5AI Score

0.001EPSS

2016-10-25 02:29 PM
15
cve
cve

CVE-2013-4316

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack...

8.3AI Score

0.009EPSS

2013-09-30 09:55 PM
54
4