threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle flexcube private banking
Product
oracle flexcube private banking
75 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-43859
all versions
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote att
7.5
HIGH
CVE-2021-44832
all versions
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code
6.6
MEDIUM
CVE-2021-40690
all versions
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureVali
7.5
HIGH
CVE-2021-2351
all versions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3
HIGH
CVE-2021-26117
all versions
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache Act
7.5
HIGH
CVE-2020-27218
all versions
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP
4.8
MEDIUM
CVE-2020-27216
all versions
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Uni
7.0
HIGH
CVE-2020-11979
all versions
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current u
7.5
HIGH
CVE-2020-5421
all versions
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr
6.5
MEDIUM
CVE-2020-13920
all versions
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It
5.9
MEDIUM
CVE-2020-11998
all versions
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer,
9.8
CRITICAL
CVE-2020-5413
all versions
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is config
9.8
CRITICAL
CVE-2020-1941
all versions
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
6.1
MEDIUM
CVE-2020-11973
all versions
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are aff
9.8
CRITICAL
CVE-2020-11972
all versions
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are
9.8
CRITICAL
CVE-2020-11971
all versions
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users
7.5
HIGH
CVE-2020-1945
all versions
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.
6.3
MEDIUM
CVE-2020-9488
all versions
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in
3.7
LOW
CVE-2020-9489
all versions
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause
5.5
MEDIUM
CVE-2020-1951
all versions
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
5.5
MEDIUM
CVE-2020-1950
all versions
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
5.5
MEDIUM
CVE-2020-5397
all versions
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring
5.3
MEDIUM
CVE-2020-5398
all versions
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an applica
7.5
HIGH
CVE-2019-17573
all versions
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage i
6.1
MEDIUM
CVE-2019-12423
all versions
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can
7.5
HIGH
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-12419
all versions
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect servic
9.8
CRITICAL
CVE-2019-12406
all versions
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves ope
6.5
MEDIUM
CVE-2019-12415
all versions
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially cra
5.5
MEDIUM
CVE-2019-2904
all versions
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that
9.8
CRITICAL
CVE-2019-17359
all versions
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMe
7.5
HIGH
CVE-2019-12402
all versions
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced
7.5
HIGH
CVE-2019-10086
all versions
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
7.3
HIGH
CVE-2019-13990
all versions
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo
9.8
CRITICAL
CVE-2019-0188
all versions
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vuln
7.5
HIGH
CVE-2019-0227
all versions
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur
7.5
HIGH
CVE-2019-5427
all versions
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections again
7.5
HIGH
CVE-2019-10247
all versions
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jett
5.3
MEDIUM
CVE-2019-10246
all versions
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualifie
5.3
MEDIUM
CVE-2019-3773
all versions
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External
9.8
CRITICAL
CVE-2018-15756
all versions
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5
HIGH
CVE-2018-11775
all versions
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable t
7.4
HIGH
CVE-2018-8032
all versions
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
6.1
MEDIUM
CVE-2018-11040
all versions
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications
7.5
HIGH
CVE-2018-1257
all versions
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows application
6.5
MEDIUM
CVE-2018-10237
all versions
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service a
5.9
MEDIUM
CVE-2017-10103
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
6.5
MEDIUM
CVE-2017-10023
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations
6.5
MEDIUM
CVE-2017-10022
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations
4.3
MEDIUM
CVE-2017-10012
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations
5.4
MEDIUM
CVE-2017-10011
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
5.5
MEDIUM
CVE-2017-10010
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: FileUpload
4.6
MEDIUM
CVE-2017-10009
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
4.3
MEDIUM
CVE-2017-10008
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
4.3
MEDIUM
CVE-2017-10007
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
4.3
MEDIUM
CVE-2017-10006
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
6.5
MEDIUM
CVE-2017-10005
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
6.1
MEDIUM
CVE-2017-3479
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
5.4
MEDIUM
CVE-2017-3478
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
5.4
MEDIUM
CVE-2017-3477
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
4.2
MEDIUM
CVE-2017-3476
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
7.1
HIGH
CVE-2017-3475
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
5.0
MEDIUM
CVE-2017-3473
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
4.3
MEDIUM
CVE-2017-3472
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio
8.1
HIGH
CVE-2017-3471
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellane
4.7
MEDIUM
CVE-2016-8313
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
4.1
MEDIUM
CVE-2016-8312
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
8.2
HIGH
CVE-2016-8308
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
4.3
MEDIUM
CVE-2016-8300
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
5.3
MEDIUM
CVE-2016-8298
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
8.1
HIGH
CVE-2016-8282
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
6.1
MEDIUM
CVE-2016-5623
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
5.4
MEDIUM
CVE-2016-5614
all versions
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product /
4.3
MEDIUM
CVE-2016-5493
all versions
Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 throug
4.2
MEDIUM
CVE-2013-4316
all versions
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin