Vulnerabilities > Oracle > Flexcube Core Banking > 11.5.0

DATE CVE VULNERABILITY TITLE RISK
2020-10-23 CVE-2020-27216 In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system.
local
high complexity
eclipse netapp oracle apache debian
7.0
2020-04-27 CVE-2020-9488 Improper Certificate Validation vulnerability in multiple products
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender.
network
high complexity
apache oracle debian qos CWE-295
3.7
2019-04-22 CVE-2019-10247 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path.
network
low complexity
eclipse netapp oracle debian CWE-200
5.3
2019-04-22 CVE-2019-10246 Information Exposure vulnerability in multiple products
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents.
network
low complexity
eclipse netapp oracle CWE-200
5.3
2019-04-22 CVE-2019-10241 Cross-site Scripting vulnerability in multiple products
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
network
low complexity
eclipse debian apache oracle CWE-79
6.1
2018-04-19 CVE-2018-2807 Unspecified vulnerability in Oracle Flexcube Core Banking 11.5.0/11.6.0/11.7.0
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities).
network
low complexity
oracle
6.1
2017-01-27 CVE-2016-8324 Improper Access Control vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).
network
low complexity
oracle CWE-284
5.3
2017-01-27 CVE-2016-8323 Improper Access Control vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).
network
low complexity
oracle CWE-284
5.4
2017-01-27 CVE-2016-8322 Information Exposure vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).
network
low complexity
oracle CWE-200
4.3
2017-01-27 CVE-2016-8314 7PK - Security Features vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).
network
high complexity
oracle CWE-254
3.1