VUMETRIC
CYBER PORTAL
Vulnerabilities > Oracle > Flexcube Private Banking > 12.0.0
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products | The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | network | low complexity | apache, netapp, debian, oracle | CWE-287 | 7.5 |
| 2020-11-28 | CVE-2020-27218 | | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. | network | high complexity | eclipse, netapp, oracle, apache, debian | | 4.8 |
| 2020-10-23 | CVE-2020-27216 | | In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. | local | high complexity | eclipse, netapp, oracle, apache, debian | | 7.0 |
| 2020-10-01 | CVE-2020-11979 | | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | network | low complexity | apache, gradle, fedoraproject, oracle | | 7.5 |
| 2020-09-19 | CVE-2020-5421 | | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | network | high complexity | vmware, oracle, netapp | | 6.5 |
| 2020-09-10 | CVE-2020-13920 | Missing Authentication for Critical Function vulnerability in multiple products | Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. | network | high complexity | apache, oracle, debian | CWE-306 | 5.9 |
| 2020-09-10 | CVE-2020-11998 | | A regression has been introduced in the commit preventing JMX re-bind. | network | low complexity | apache, oracle | | 9.8 (critical) |
| 2020-07-31 | CVE-2020-5413 | Deserialization of Untrusted Data vulnerability in multiple products | Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. | network | low complexity | vmware, oracle | CWE-502 | 9.8 (critical) |
| 2020-05-14 | CVE-2020-1941 | Cross-site Scripting vulnerability in multiple products | In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. | network | low complexity | apache, oracle | CWE-79 | 6.1 |
| 2020-05-14 | CVE-2020-11973 | Deserialization of Untrusted Data vulnerability in multiple products | Apache Camel Netty enables Java deserialization by default. | network | low complexity | apache, oracle | CWE-502 | 9.8 (critical) |