Vulnerabilities > Oracle > Flexcube Private Banking

DATE CVE VULNERABILITY TITLE RISK
2020-07-31 CVE-2020-5413 Deserialization of Untrusted Data vulnerability in multiple products
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization.
network
low complexity
vmware oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-1941 Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
network
low complexity
apache oracle CWE-79
6.1
2020-05-14 CVE-2020-11973 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel Netty enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11972 Deserialization of Untrusted Data vulnerability in multiple products
Apache Camel RabbitMQ enables Java deserialization by default.
network
low complexity
apache oracle CWE-502
critical
9.8
2020-05-14 CVE-2020-11971 Apache Camel's JMX is vulnerable to Rebind Flaw.
network
low complexity
apache oracle
7.5
2020-05-14 CVE-2020-1945 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.
6.3
2020-04-27 CVE-2020-9488 Improper Certificate Validation vulnerability in multiple products
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender.
network
high complexity
apache oracle debian qos CWE-295
3.7
2020-04-27 CVE-2020-9489 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser.
local
low complexity
apache oracle CWE-835
5.5
2020-03-23 CVE-2020-1951 Infinite Loop vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-835
5.5
2020-03-23 CVE-2020-1950 Resource Exhaustion vulnerability in multiple products
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
local
low complexity
apache oracle debian canonical CWE-400
5.5