Vulnerabilities > Oracle > Banking Payments
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-15 | CVE-2020-2712 | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). network oracle | 5.8 |
| 2020-01-15 | CVE-2020-2711 | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 4.0 |
| 2020-01-15 | CVE-2020-2710 | Unspecified vulnerability in Oracle Banking Payments 14.1.0/14.3.0 Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). | 5.5 |
| 2020-01-14 | CVE-2019-12399 | Cleartext Transmission of Sensitive Information vulnerability in multiple products When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. | 7.5 |
| 2019-10-23 | CVE-2019-12415 | XXE vulnerability in multiple products In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | 5.5 |
| 2019-08-30 | CVE-2019-12402 | Infinite Loop vulnerability in multiple products The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. | 7.5 |
| 2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
| 2018-07-18 | CVE-2018-3027 | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). | 5.5 |
| 2018-07-18 | CVE-2018-3026 | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). network oracle | 4.9 |
| 2018-07-18 | CVE-2018-3025 | Unspecified vulnerability in Oracle Banking Payments Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). network oracle | 3.5 |