Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Flexcube Private Banking Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2019-12419

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter...

9.8CVSS

9.1AI Score

0.015EPSS

2019-11-06 09:15 PM
183
11
cve
cve

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

9.8CVSS

9AI Score

0.008EPSS

2019-07-26 07:15 PM
471
2
cve
cve

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS

9.1AI Score

0.076EPSS

2019-10-16 06:15 PM
125
4
cve
cve

CVE-2019-3773

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

9.8CVSS

9.5AI Score

0.006EPSS

2019-01-18 10:29 PM
103
4
cve
cve

CVE-2020-11972

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

9.8CVSS

9.2AI Score

0.008EPSS

2020-05-14 05:15 PM
81
cve
cve

CVE-2020-11973

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

9.8CVSS

9.2AI Score

0.014EPSS

2020-05-14 05:15 PM
78
3
cve
cve

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/...

9.8CVSS

9.6AI Score

0.007EPSS

2020-09-10 07:15 PM
65
5
cve
cve

CVE-2020-5413

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS

9.3AI Score

0.003EPSS

2020-07-31 08:15 PM
94