Vulnerabilities > Oracle > Flexcube Private Banking

DATE CVE VULNERABILITY TITLE RISK
2020-01-17 CVE-2020-5397 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.
network
low complexity
vmware oracle CWE-352
5.3
2020-01-17 CVE-2020-5398 Download of Code Without Integrity Check vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
network
high complexity
vmware oracle netapp CWE-494
7.5
2020-01-16 CVE-2019-17573 Cross-site Scripting vulnerability in multiple products
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses.
network
low complexity
apache oracle CWE-79
6.1
2020-01-16 CVE-2019-12423 Insufficiently Protected Credentials vulnerability in multiple products
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service.
network
low complexity
apache oracle CWE-522
7.5
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-11-06 CVE-2019-12419 Incorrect Authorization vulnerability in multiple products
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service.
network
low complexity
apache oracle CWE-863
critical
9.8
2019-11-06 CVE-2019-12406 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message.
network
low complexity
apache oracle CWE-770
6.5
2019-10-23 CVE-2019-12415 XXE vulnerability in multiple products
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
local
low complexity
apache oracle CWE-611
5.5
2019-10-16 CVE-2019-2904 Unspecified vulnerability in Oracle products
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces).
network
low complexity
oracle
critical
9.8
2019-10-08 CVE-2019-17359 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data.
network
low complexity
bouncycastle apache netapp oracle CWE-770
7.5