Vulnerabilities > Oracle > Flexcube Core Banking > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products: In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
2020-04-15 | CVE-2020-2955 | Unspecified vulnerability in Oracle Flexcube Core Banking 4.0: Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Transaction Processing). | 6.3 |
2019-04-22 | CVE-2019-10247 | Information Exposure vulnerability in multiple products: In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. | 5.3 |
2019-04-22 | CVE-2019-10246 | Information Exposure vulnerability in multiple products: In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. | 5.3 |
2019-04-22 | CVE-2019-10241 | Cross-site Scripting vulnerability in multiple products: In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. | 6.1 |
2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
2018-04-19 | CVE-2018-2807 | Unspecified vulnerability in Oracle Flexcube Core Banking 11.5.0/11.6.0/11.7.0: Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities). | 6.1 |
2017-01-27 | CVE-2016-8324 | Improper Access Control vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0: Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). | 5.3 |
2017-01-27 | CVE-2016-8323 | Improper Access Control vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0: Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). | 5.4 |
2017-01-27 | CVE-2016-8322 | Information Exposure vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0: Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). | 4.3 |