Flexcube Private Banking Security Vulnerabilities and Issues — Flexcube Private Banking CVE List

Lucene search

OracleFlexcube Private Banking

8 matches found

CVE•added 2019/07/26 7:15 p.m.•533 views

CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

9.8CVSS9AI score0.10416EPSS

CVE•added 2019/11/06 9:15 p.m.•208 views

CVE-2019-12419

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter...

9.8CVSS9.1AI score0.01455EPSS

CVE•added 2019/10/16 6:15 p.m.•148 views

CVE-2019-2904

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

9.8CVSS9.1AI score0.0533EPSS

CVE•added 2019/01/18 10:29 p.m.•141 views

CVE-2019-3773

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

9.8CVSS9.6AI score0.00311EPSS

CVE•added 2020/07/31 8:15 p.m.•123 views

CVE-2020-5413

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...

9.8CVSS9.4AI score0.02178EPSS

CVE•added 2020/05/14 5:15 p.m.•103 views

CVE-2020-11972

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

9.8CVSS9.2AI score0.08393EPSS

CVE•added 2020/05/14 5:15 p.m.•100 views

CVE-2020-11973

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

9.8CVSS9.2AI score0.09483EPSS

CVE•added 2020/09/10 7:15 p.m.•95 views

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/...

9.8CVSS9.6AI score0.16601EPSS