Lucene search
K
OracleBanking Payments

35 matches found

CVE
CVE
added 2021/12/18 11:55 a.m.1186 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2018/04/26 9:0 p.m.656 views

CVE-2018-10237

CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...

5.9CVSS5.9AI score0.05119EPSS
CVE
CVE
added 2019/07/26 12:0 a.m.586 views

CVE-2019-13990

CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...

9.8CVSS9AI score0.162EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.401 views

CVE-2021-36090

CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...

7.5CVSS7.5AI score0.12945EPSS
CVE
CVE
added 2019/10/23 7:27 p.m.345 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

5.5CVSS6.7AI score0.0099EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.325 views

CVE-2021-35515

CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...

7.5CVSS7.2AI score0.11567EPSS
CVE
CVE
added 2021/07/12 12:10 p.m.324 views

CVE-2021-30129

CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...

6.5CVSS6.9AI score0.03394EPSS
CVE
CVE
added 2021/07/13 7:15 a.m.317 views

CVE-2021-35517

CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...

7.5CVSS7.5AI score0.10614EPSS
CVE
CVE
added 2019/08/29 12:0 a.m.231 views

CVE-2019-12402

CVE-2019-12402 affects Apache Commons Compress 1.15–1.18, where the internal file-name encoding can loop infinitely and cause DoS when processing crafted archives. Connected docs show multiple vendors referencing this CVE in product advisories (e.g., Atlassian Confluence with dependency notes; IB...

7.5CVSS7.1AI score0.16157EPSS
CVE
CVE
added 2020/01/14 2:28 p.m.159 views

CVE-2019-12399

CVE-2019-12399 affects Apache Kafka Connect: when Connect workers are configured with config providers and a connector uses an externalized secret variable within a substring of a configuration value, an attacker can request a cluster’s task configuration and receive the plaintext secret instead ...

7.5CVSS7.3AI score0.03915EPSS
CVE
CVE
added 2021/11/01 8:35 a.m.155 views

CVE-2021-41973

CVE-2021-41973 affects Apache MINA, where a specially crafted HTTP request can cause the HTTP Header decoder to loop indefinitely, leading to a denial of service. The root cause is the decoder assuming headers begin at the buffer start and looping if extra data is present. Mitigation: upgrade MIN...

6.5CVSS6.4AI score0.04332EPSS
CVE
CVE
added 2022/04/19 8:38 p.m.135 views

CVE-2022-21475

CVE-2022-21475 affects Oracle Banking Payments (Oracle Financial Services Applications, Infrastructure component) and is tied to version 14.5. The vulnerability allows a low-privilege, network-accessible attacker over HTTP to compromise data: unauthorized create/delete/modify access to critical d...

5.9CVSS5.8AI score0.00609EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.66 views

CVE-2020-2712

CVE-2020-2712 affects the Oracle Banking Payments component (Core) of Oracle Financial Services Applications. Affected supported versions are 14.1.0–14.3.0 . The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. The attack can res...

5.8CVSS4.9AI score0.01002EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.65 views

CVE-2018-3021

CVE-2018-3021 affects the Oracle Banking Payments component of Oracle Financial Services Applications (Payments Core). Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability allows an unauthenticated attacker over HTTP to read a subset of Oracle Banking Payments data (...

5.3CVSS4.4AI score0.02066EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.61 views

CVE-2018-3022

CVE-2018-3022 affects Oracle Banking Payments (Payments Core) within Oracle Financial Services Applications. Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability allows a low-privilege attacker with network access via HTTP to compromise the service, enabling a hang o...

6.5CVSS6.2AI score0.0223EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.56 views

CVE-2020-2710

Oracle Banking Payments (Oracle Financial Services Applications, Core) is affected in versions 14.1.0–14.3.0. A low-privilege, network-based attacker with HTTP access can compromise data confidentiality and integrity. CVSSv3.0 base score is 5.4 (C:L, I:L; A:N; PR:L; AV:N). The connected documents...

5.5CVSS4.8AI score0.00814EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.55 views

CVE-2018-2747

Oracle Financial Services Applications – Banking Corporate Lending Core module (versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0) is affected by CVE-2018-2747. A low-privilege, network-accessible attacker via HTTP can access data in the Banking Corporate Lending component, leading to potential unauthor...

6.5CVSS6.1AI score0.0195EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.54 views

CVE-2018-2748

CVE-2018-2748 affects Oracle Banking Corporate Lending (Core module) within Oracle Financial Services Applications. Affected versions include 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability is exploitable over HTTP by an unauthenticated attacker and, per the description, requires user intera...

6.1CVSS5.6AI score0.01498EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.53 views

CVE-2018-2746

The CVE-2018-2746 entry refers to a vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (Core module). Affected are versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability can be exploited by a low-privileged attacker with network access...

7.1CVSS6.8AI score0.0162EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.53 views

CVE-2018-3024

CVE-2018-3024 affects Oracle Banking Payments (Payments Core) within Oracle Financial Services Applications. Affected supported versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability is exploitable by a low-privilege attacker with network access over HTTP, enabling unauthorized...

5.5CVSS4.7AI score0.01236EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.53 views

CVE-2018-3026

CVE-2018-3026 affects Oracle Banking Payments within Oracle Financial Services Applications (subcomponent: Payments Core). Vulnerable versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The issue allows a low-privilege attacker who can reach the service over HTTP, with user interaction, to po...

5.4CVSS5AI score0.01077EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.53 views

CVE-2018-3027

CVE-2018-3027 affects Oracle Banking Payments (Oracle Financial Services Applications, Payments Core) and targets multiple supported versions: 12.2.0, 12.3.0, 12.4.0, 12.5.0, and 14.1.0. The vulnerability enables a low-privilege attacker with network access over HTTP to compromise Oracle Banking ...

8.1CVSS7.7AI score0.02033EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.53 views

CVE-2020-2713

CVE-2020-2713 affects the Oracle Banking Payments product (Oracle Financial Services Applications), specifically the Core component, with affected versions 14.1.0–14.3.0. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to compromise Oracle Banking Payments, poten...

7.1CVSS6.8AI score0.01123EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.52 views

CVE-2018-2708

CVE-2018-2708 affects the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Affected versions are 12.3.0 and 12.4.0. The vulnerability is described as difficult to exploit but allows a low-privileged attacker with network access via HTTP to...

5.3CVSS5AI score0.01169EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.51 views

CVE-2018-2749

CVE-2018-2749 : Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (Core module). Affected versions: 12.3.0, 12.4.0, 12.5.0, and 14.0.0. An attacker with network access via HTTP and low privileges can exploit this flaw, with user interaction ...

5.4CVSS5AI score0.01046EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.50 views

CVE-2018-2705

CVE-2018-2705 affects Oracle Banking Payments (Payments Core) in Oracle Financial Services Applications, with affected versions 12.3.0 and 12.4.0. The vulnerability is exploitable by a low-privilege attacker who has network access via HTTP and can compromise Oracle Banking Payments, potentially l...

8.8CVSS8.2AI score0.0174EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.50 views

CVE-2018-3023

CVE-2018-3023 affects Oracle Banking Payments (subcomponent: Payments Core) within Oracle Financial Services Applications. Affected supported versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability enables a low-privileged attacker with network access via HTTP to compromise Orac...

5.5CVSS4.9AI score0.01611EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.50 views

CVE-2020-2711

The CVE-2020-2711 entry concerns Oracle Banking Payments (Core) in Oracle Financial Services Applications. Affected versions are 14.1.0–14.3.0. The vulnerability is exploitable by a low-privilege actor over HTTP from the network, potentially leading to unauthorized access to data within Oracle Ba...

6.5CVSS6.1AI score0.01321EPSS
CVE
CVE
added 2020/01/15 4:34 p.m.50 views

CVE-2020-2714

The CVE-2020-2714 entry concerns Oracle Banking Payments within Oracle Financial Services Applications (component: Core). Affected versions are 14.1.0–14.3.0. The vulnerability allows a low-privileged attacker with network access over HTTP to read data from Oracle Banking Payments, as described i...

4.3CVSS3.5AI score0.0094EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.48 views

CVE-2018-2704

CVE-2018-2704 affects the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). The vulnerability is present in supported versions 12.3.0 and 12.4.0 and is exploitable over the network via HTTP by a low-privileged attacker, potentially granting...

8.1CVSS7.7AI score0.01807EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.47 views

CVE-2018-3020

CVE-2018-3020 affects Oracle Banking Payments (Oracle Financial Services Applications), specifically the Payments Core subcomponent. Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability is described as easily exploitable with network access over HTTP by a low-privile...

6.5CVSS5.6AI score0.01437EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.47 views

CVE-2018-3025

CVE-2018-3025 is a vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (Payments Core). Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The flaw is exploitable by a low-privilege attacker over HTTP with network access, leading to poten...

5.3CVSS5AI score0.01612EPSS
CVE
CVE
added 2020/10/21 2:4 p.m.46 views

CVE-2020-14896

The CVE-2020-14896 entry concerns Oracle Banking Payments (Core) in Oracle Financial Services Applications, affected in versions 14.1.0–14.4.0. The vulnerability allows a low-privilege, unauthenticated attacker over HTTP on the network to access sensitive data, with an impact described as data co...

6.8CVSS6.3AI score0.01508EPSS
CVE
CVE
added 2018/07/18 1:0 p.m.45 views

CVE-2018-2896

CVE-2018-2896 affects the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent Payments Core). Affected supported versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability is exploitable by an unauthenticated attacker with network access via HT...

6.1CVSS5.6AI score0.01542EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.45 views

CVE-2023-21915

CVE-2023-21915 affects Oracle Banking Payments (Oracle Financial Services Applications), specifically the Book/Internal Transfer component, with affected versions 14.5–14.7. The vulnerability is described as insufficient input validation allowing a low-privilege, network-accessible attacker (via ...

4.6CVSS4AI score0.00382EPSS