Lucene search
K
OracleFlexcube Core Banking

15 matches found

CVE
CVE
added 2021/04/13 6:50 a.m.633 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2020/04/27 3:36 p.m.526 views

CVE-2020-9488

CVE-2020-9488 affects the Apache Log4j2 SMTP appender. The issue is improper validation of the SSL/TLS certificate when the host name does not match, potentially allowing a man-in-the-middle to intercept SMTPS traffic and leak log messages. The concrete remediation is to upgrade to affected relea...

4.3CVSS6AI score0.08096EPSS
CVE
CVE
added 2020/05/01 6:55 p.m.502 views

CVE-2020-10683

CVE-2020-10683 is described in IBM Bulletin sources as an XXE vulnerability in the dom4j library, allowing a remote authenticated attacker to obtain sensitive information through XML processing. The issue stems from dom4j handling External DTDs/Entities by default, and multiple IBM entries map th...

9.8CVSS9.2AI score0.07269EPSS
CVE
CVE
added 2019/04/22 8:14 p.m.354 views

CVE-2019-10247

CVE-2019-10247 affects Eclipse Jetty when configured to list contexts in 404 responses. Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older disclose the fully qualified directory base resource location in the HTML output of a not-found Context, via the DefaultHandler...

5.3CVSS6AI score0.05782EPSS
CVE
CVE
added 2020/10/23 12:5 a.m.301 views

CVE-2020-27216

CVE-2020-27216 affects Eclipse Jetty in Unix-like environments across versions 1.0–9.4.32.v20200930, 10.0.0.alpha1–10.0.0.beta2, and 11.0.0.alpha1–11.0.0.beta2O. It describes a race condition where the system temporary directory is shared among users, allowing a collocated user to observe the cre...

7CVSS6.9AI score0.043EPSS
CVE
CVE
added 2019/05/01 8:3 p.m.290 views

CVE-2019-0227

The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...

7.5CVSS8.3AI score0.86503EPSS
Web
CVE
CVE
added 2018/08/02 1:0 p.m.255 views

CVE-2018-8032

CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....

6.1CVSS5.8AI score0.10554EPSS
CVE
CVE
added 2019/04/22 8:14 p.m.229 views

CVE-2019-10241

CVE-2019-10241 affects Eclipse Jetty prior to specific release lines: 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older. The vulnerability is an XSS due to improper validation of user-supplied input by DefaultServlet and ResourceHandler when a remote client uses a specially crafted URL to ...

6.1CVSS6.1AI score0.09591EPSS
CVE
CVE
added 2019/04/22 8:14 p.m.127 views

CVE-2019-10246

CVE-2019-10246 is described in connected IBM security bulletins as an Eclipse Jetty vulnerability where a server configured to Listing directory contents could expose the fully-qualified Base Resource directory name to remote clients, potentially revealing sensitive information. IBM Cognos Analyt...

5.3CVSS5.6AI score0.04016EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.52 views

CVE-2016-8324

The CVE-2016-8324 entry affects Oracle FLEXCUBE Core Banking (subcomponent: Core) with affected versions 5.1.0, 5.2.0, and 11.5.0. Root cause details are not explicitly provided in the documents, but the vulnerability enables an unauthenticated attacker with network access via HTTP to read data f...

5.3CVSS4.7AI score0.01679EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.49 views

CVE-2016-8322

CVE-2016-8322 affects Oracle FLEXCUBE Core Banking (subcomponent: Core). Affected versions are 5.1.0, 5.2.0 and 11.5.0. The vulnerability allows a low-privilege, network-accessible attacker (HTTP) to read a subset of data in the Core Banking component. The CVSS v3 base score is 4.3 (Confidentiali...

4.3CVSS3.7AI score0.01281EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.46 views

CVE-2018-2807

The CVE-2018-2807 entry affects Oracle Financial Services Applications’ FLEXCUBE Core Banking, Securities subcomponent, specifically versions 11.5.0, 11.6.0, and 11.7.0. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise FLEXCUBE Core Banking, with att...

6.1CVSS5.6AI score0.01498EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.45 views

CVE-2016-8314

CVE-2016-8314 affects Oracle FLEXCUBE Core Banking (subcomponent: Core). Affected versions are 5.1.0, 5.2.0 and 11.5.0. The vulnerability is exploitable by a low-privileged attacker with network access over HTTP and can lead to unauthorized read access to a subset of data in Oracle FLEXCUBE Core ...

3.5CVSS3.2AI score0.01067EPSS
CVE
CVE
added 2017/01/27 10:1 p.m.42 views

CVE-2016-8323

CVE-2016-8323 affects Oracle FLEXCUBE Core Banking (Core subcomponent) in Oracle Financial Services Applications. Affected versions: 5.1.0, 5.2.0, 11.5.0. Vulnerability allows a low-privilege, network-accessing attacker over HTTP to perform unauthorized updates/inserts/deletes and read access to ...

5.5CVSS5AI score0.00932EPSS
CVE
CVE
added 2020/04/15 1:29 p.m.40 views

CVE-2020-2955

CVE-2020-2955 affects Oracle FLEXCUBE Core Banking, specifically the Transaction Processing component, in version 4.0. The vulnerability allows a low-privileged attacker with network access via HTTP to update, insert, or delete data and to read data, with a partial denial of service against FLEXC...

6.5CVSS5.7AI score0.00898EPSS