Vulnerabilities > Oracle > Flexcube Private Banking > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-20 CVE-2019-10086 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects.
7.3
2019-05-28 CVE-2019-0188 XXE vulnerability in multiple products
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library.
network
low complexity
oracle apache CWE-611
7.5
2019-05-01 CVE-2019-0227 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006.
high complexity
apache oracle CWE-918
7.5
2019-04-22 CVE-2019-5427 XML Entity Expansion vulnerability in multiple products
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
network
low complexity
mchange fedoraproject oracle CWE-776
7.5
2018-10-18 CVE-2018-15756 Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource.
network
low complexity
vmware oracle debian
7.5
2018-09-10 CVE-2018-11775 Improper Certificate Validation vulnerability in multiple products
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server.
network
high complexity
apache oracle CWE-295
7.4
2018-06-25 CVE-2018-11040 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests.
network
low complexity
vmware oracle debian CWE-829
7.5
2017-04-24 CVE-2017-3476 Unspecified vulnerability in Oracle Flexcube Private Banking
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous).
network
low complexity
oracle
7.1
2017-04-24 CVE-2017-3472 Unspecified vulnerability in Oracle Flexcube Private Banking
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management).
network
low complexity
oracle
8.1
2017-01-27 CVE-2016-8312 Improper Access Control vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).
network
low complexity
oracle CWE-284
8.2