95 matches found
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2): Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2021-37714
CVE-2021-37714 affects jsoup (Java HTML parser) versions prior to 1.14.2. When parsing untrusted HTML/XML, the parser may loop, slow down, or throw exceptions, enabling a denial-of-service condition. A fix is available in jsoup 1.14.2. Workarounds include rate-limiting parsing input, capping inpu...
CVE-2021-36090
CVE-2021-36090 affects Apache Commons Compress zip handling: reading a specially crafted ZIP can allocate excessive memory, causing an out-of-memory DoS. Supported details from IBM/AWS advisories point to a fix in Commons Compress (upgrade to 1.21+; e.g., Amazon Linux advisories list apache-commo...
CVE-2022-23437
Technical specifics for CVE-2022-23437 (Xerces-J infinite loop in XML parsing) are not disclosed in the provided connected documents. Monitor for vendor/maintainer updates; current entries reference the issue but do not provide detailed root-cause, affected versions beyond 2.12.1, or fixes.
CVE-2021-35515
CVE-2021-35515 is an infinite-loop denial-of-service in Apache Commons Compress when reading a crafted 7Z archive. The issue arises during the construction of the codecs list used to decompress an entry, potentially consuming unbounded CPU and impacting services that rely on the sevenz package. C...
CVE-2021-30129
CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...
CVE-2021-35517
CVE-2021-35517 affects Apache Commons Compress tar handling. The vulnerability, triggered by reading a specially crafted TAR archive, can cause Compress to allocate excessive memory, potentially leading to an out-of-memory condition and a denial-of-service against services using Compress’ tar pac...
CVE-2021-35516
CVE-2021-35516 affects Apache Commons Compress (the sevenz package). A specially crafted 7Z archive can cause the library to allocate excessive memory, ultimately causing an out-of-memory condition and a denial-of-service on services that use Compress’ sevenz component. The initial description do...
CVE-2020-11987
CVE-2020-11987 – SSRF in Apache Batik 1.13. The initial description confirms a server-side request forgery via improper input validation in NodePickerPanel, enabling an attacker to make arbitrary GET requests from the server. Connected documents corroborate concrete remediation actions across ve...
CVE-2021-31811
CVE-2021-31811: Apache PDFBox 2.0.23 and earlier is vulnerable to an OutOfMemoryError when loading a crafted PDF. IBM/QRadar advisories confirm the issue and recommend upgrading PDFBox to v2.0.24 (via PJ46568 iFix/FIXPACK) or newer.
CVE-2021-27807
CVE-2021-27807 affects Apache PDFBox 2.0.22 and earlier 2.0.x. The issue arises when loading a crafted PDF, triggering an infinite loop and causing denial of service. Connected IBM advisories confirm the same description and map remediation to upgrading to fixed PDFBox versions via product-specif...
CVE-2021-27906
CVE-2021-27906 affects Apache PDFBox; a crafted PDF can trigger an OutOfMemoryError when loading, impacting PDFBox 2.0.22 and earlier 2.0.x. The connected IBM/QRadar security bulletin confirms the same CVE ID and notes remediation: upgrade to IBM Cognos-related 2.0.6.12, then apply FixPack 2.0.6....
CVE-2019-12399
CVE-2019-12399 affects Apache Kafka Connect: when Connect workers are configured with config providers and a connector uses an externalized secret variable within a substring of a configuration value, an attacker can request a cluster’s task configuration and receive the plaintext secret instead ...
CVE-2021-41973
CVE-2021-41973 affects Apache MINA, where a specially crafted HTTP request can cause the HTTP Header decoder to loop indefinitely, leading to a denial of service. The root cause is the decoder assuming headers begin at the buffer start and looping if extra data is present. Mitigation: upgrade MIN...
CVE-2022-21472
CVE-2022-21472 affects Oracle FLEXCUBE Universal Banking (Infrastructure component). Affected versions: 12.4, 14.0–14.3, and 14.5. The vulnerability is exploitable by a low-privileged attacker over HTTP with network access, requiring user interaction. Impact includes unauthorized creation/modific...
CVE-2022-21576
CVE-2022-21576 affects Oracle FLEXCUBE Universal Banking (Infrastructure) for Oracle Financial Services Applications. Affects supported versions 12.3, 12.4, 14.0–14.3 and 14.5. Description: a difficult-to-exploit vulnerability allows a low-privileged, network-accessible attacker over HTTP to comp...
CVE-2019-2754
This CVE affects Oracle FLEXCUBE Universal Banking (Infrastructure subcomponent). Affected versions are 12.0.1–12.0.3, 12.1.0–12.4.0 and 14.0.0–14.2.0. An attacker with network access via HTTP and low privileges can compromise the system, potentially causing unauthorized creation, deletion or mod...
CVE-2022-21428
The CVE-2022-21428 entry affects Oracle FLEXCUBE Universal Banking (Infrastructure) and is observed in Oracle Financial Services Applications across versions 12.1–12.4, 14.0–14.3, and 14.5. Described as an input-validation/logic flaw, it allows a low-privilege attacker with network access over HT...
CVE-2022-21578
CVE-2022-21578 affects Oracle FLEXCUBE Universal Banking (Infrastructure) with affected versions 12.1–12.4, 14.0–14.3, and 14.5. The vulnerability allows a low-privileged, network-accessing attacker (via HTTP) to cause unauthorized data modification or access, and may enable partial denial of ser...
CVE-2022-21544
Oracle FLEXCUBE Universal Banking (Infrastructure) is affected by CVE-2022-21544. Affected versions: 12.1–12.4, 14.0–14.3, and 14.5. The vulnerability allows a low-privileged attacker with network access over HTTP to compromise the system, with user interaction required. Impact is takeover of the...
CVE-2022-21577
CVE-2022-21577 affects Oracle FLEXCUBE Universal Banking (Infrastructure) across 12.1–12.4, 14.0–14.3 and 14.5. The vulnerability can be exploited over HTTP by a low-privilege user with network access and requires user interaction; successful attacks may lead to unauthorized data creation/deletio...
CVE-2022-21579
CVE-2022-21579 affects Oracle FLEXCUBE Universal Banking (Infrastructure) with affected versions 12.1–12.4, 14.0–14.3 and 14.5. The issue is exploitable by a low-privilege attacker over HTTP with network access, requiring user interaction; impact includes unauthorized creation/deletion/modificati...
CVE-2021-2324
The CVE-2021-2324 entry concerns Oracle FLEXCUBE Universal Banking (Loans and Deposits). Affected supported versions are 12.0–12.4 and 14.0–14.4. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise data, with exploitation requiring user interaction. Impac...
CVE-2021-2323
The CVE-2021-2323 issue affects Oracle FLEXCUBE Universal Banking, specifically the Flex-Branch component. Affected versions include 12.3, 12.4, and 14.0–14.4. The vulnerability allows an unauthenticated attacker, over HTTP with network access, to compromise Oracle FLEXCUBE Universal Banking, pot...
CVE-2020-2699
CVE-2020-2699 affects Oracle FLEXCUBE Universal Banking (component: Infrastructure). Vulnerable versions: 12.0.1–12.4.0 and 14.0.0–14.3.0. A low-privileged attacker with network access via HTTP can compromise Oracle FLEXCUBE Universal Banking, potentially leading to unauthorized access to critical ...
CVE-2023-22118
CVE-2023-22118 affects Oracle FLEXCUBE Universal Banking (Infrastructure) with affected versions 12.3, 12.4, 14.0–14.3 and 14.5–14.7. The vulnerability allows a low-privileged attacker with network access via HTTP, with required user interaction, to modify/read data and cause a partial DoS. Mitigatio...
CVE-2016-8297
CVE-2016-8297 affects Oracle FLEXCUBE Universal Banking Core in Oracle Financial Services Applications. Affected versions include 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. The vulnerability allows a low-privileged attacker to remotely access via HTTP and perform unauthorized crea...
CVE-2017-3535
CVE-2017-3535 affects the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Affected versions are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. The vulnerability allows an unauthenticated attacker with network access via HTTP to com...
CVE-2019-2794
CVE-2019-2794 concerns a vulnerability in the Oracle FLEXCUBE Universal Banking component (Infrastructure subcomponent) of Oracle Financial Services Applications. Affected versions include 12.0.1–12.0.3, 12.1.0–12.4.0, and 14.0.0–14.2.0. The flaw allows an unauthenticated attacker with network ac...
CVE-2020-2683
The CVE-2020-2683 entry concerns Oracle FLEXCUBE Universal Banking (Oracle Financial Services Applications), specifically the Infrastructure component. Affected versions are 12.0.1–12.4.0 and 14.0.0–14.3.0. The vulnerability allows a low-privileged, network-attached attacker (HTTPS) to read and m...
CVE-2016-8299
CVE-2016-8299 affects Oracle FLEXCUBE Universal Banking (Core) across multiple supported versions (11.3.0, 11.4.0, 12.0.1–12.2.0). The vulnerability lies in the Core subcomponent and is exploitable by a low-privileged attacker with network access over HTTP, potentially allowing unauthorized updat...
CVE-2017-10072
CVE-2017-10072 affects Oracle FLEXCUBE Universal Banking in Oracle Financial Services Applications. Affected versions include 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise data: unau...
CVE-2017-10073
CVE-2017-10073 affects Oracle FLEXCUBE Universal Banking (Infrastructure subcomponent). Affected versions: 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0. Described as easily exploitable: a low-privileged attacker with network access via HTTP can compromise data, with possible una...
CVE-2017-10085
The CVE-2017-10085 entry concerns Oracle FLEXCUBE Universal Banking (Infrastructure) in Oracle Financial Services Applications. Affects versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, and 12.3.0. The vulnerability allows a low-privileged attacker with network access over HTTP to ...
CVE-2017-10084
The CVE-2017-10084 entry concerns Oracle FLEXCUBE Universal Banking, specifically the Report Generator subcomponent. Affected releases include 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. The vulnerability allows a low-privileged attacker with network access via HTTP to comp...
CVE-2018-2748
CVE-2018-2748 affects Oracle Banking Corporate Lending (Core module) within Oracle Financial Services Applications. Affected versions include 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability is exploitable over HTTP by an unauthenticated attacker and, per the description, requires user intera...
CVE-2017-10098
CVE-2017-10098 affects Oracle FLEXCUBE Universal Banking (Infrastructure subcomponent) in multiple supported releases (11.3.0, 11.4.0, 12.0.1–12.3.0). The flaw enables a low-privilege attacker who can access the service over HTTP to perform unauthorized read, update, insert, or delete actions on ...
CVE-2017-3314
CVE-2017-3314 affects Oracle FLEXCUBE Universal Banking (Oracle Financial Services Applications, Core subcomponent). Affected versions are 12.0.0, 12.1.0 and 12.2.0. The vulnerability enables an unauthenticated attacker who can access over HTTP to compromise the application; exploitation requires...
CVE-2018-2746
The CVE-2018-2746 entry refers to a vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (Core module). Affected are versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0. The vulnerability can be exploited by a low-privileged attacker with network access...
CVE-2023-22117
CVE-2023-22117 affects Oracle FLEXCUBE Universal Banking (Infrastructure component). Vulnerable versions: 12.3, 12.4, 14.0–14.3, and 14.5–14.7. Root cause cited in connected sources: insufficient input validation in the Infrastructure component, enabling a low-privileged attacker with network acc...
CVE-2017-3235
CVE-2017-3235 affects the Oracle FLEXCUBE Universal Banking component (Core subcomponent) of Oracle Financial Services Applications. Affected supported versions are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. The vulnerability allows physical access to compromise the system, enabli...
CVE-2018-2747
Oracle Financial Services Applications – Banking Corporate Lending Core module (versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0) is affected by CVE-2018-2747. A low-privilege, network-accessible attacker via HTTP can access data in the Banking Corporate Lending component, leading to potential unauthor...
CVE-2019-2840
CVE-2019-2840 affects Oracle FLEXCUBE Universal Banking (Infrastructure) with affected versions 12.0.1–12.0.3, 12.1.0–12.4.0 and 14.0.0–14.2.0. A low-privilege attacker who can reach the system over HTTP can exploit this vulnerability, and user interaction is required. Successful exploitation can...
CVE-2020-2700
CVE-2020-2700 affects Oracle FLEXCUBE Universal Banking (Infrastructure) with affected versions 12.0.1–12.4.0 and 14.0.0–14.3.0. The vulnerability allows a low-privileged attacker with network access via HTTP to read a subset of data from the system. The root cause and exact vulnerable component ...
CVE-2023-22119
The CVE affects Oracle FLEXCUBE Universal Banking (Infrastructure) in Oracle Financial Services Applications, with affected versions 12.3, 12.4, 14.0–14.3 and 14.5–14.7. The underlying issue is insufficient input validation, allowing a low-privileged attacker with network access via HTTP to compr...
CVE-2016-8307
CVE-2016-8307 affects Oracle FLEXCUBE Universal Banking (Core). The vulnerability is exploitable over HTTP by an unauthenticated attacker with network access, potentially allowing read access to a subset of data in supported Oracle FLEXCUBE versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 ...
CVE-2017-10083
CVE-2017-10083 affects the Oracle FLEXCUBE Universal Banking component (Infrastructure) of Oracle Financial Services Applications, affecting versions 11.3.0, 11.4.0, 12.0.1–12.3.0. The vulnerability is exploitable by an unauthenticated attacker with network access via HTTP, with user interaction ...
CVE-2017-3481
CVE-2017-3481 affects Oracle FLEXCUBE Universal Banking (Infrastructure subcomponent) in Oracle Financial Services Applications. Affected versions are 11.3.0, 11.4.0 and 12.0.1. The vulnerability is exploitable by a low-privileged attacker over HTTP and can lead to partial denial of service again...
CVE-2018-2974
CVE-2018-2974 concerns Oracle FLEXCUBE Universal Banking (Infrastructure subcomponent) within Oracle Financial Services Applications. Affected versions are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. The vulnerability is exploitable by a low-privileg...
CVE-2016-5619
Technical details for CVE-2016-5619 are not publicly available in the provided documents. No affected products, impacts, or remediation specifics are disclosed here. Monitor sources for updates.