Oracle

Flexcube Private Banking

75 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 7.58%
  • Published 10.09.2020 19:15:13
  • Last modified 21.11.2024 04:59:05

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https:...

  • EPSS 2.18%
  • Published 31.07.2020 20:15:13
  • Last modified 21.11.2024 05:34:07

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" ...

  • EPSS 5.3%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 05:11:39

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

  • EPSS 8.42%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:01

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

  • EPSS 8.39%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:01

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

  • EPSS 2.05%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:00

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

  • EPSS 0.02%
  • Published 14.05.2020 16:15:12
  • Last modified 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...

  • EPSS 0.01%
  • Published 27.04.2020 16:15:12
  • Last modified 21.11.2024 05:40:45

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...

  • EPSS 0.56%
  • Published 27.04.2020 14:15:11
  • Last modified 21.11.2024 05:40:45

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and...

  • EPSS 0.34%
  • Published 23.03.2020 14:15:13
  • Last modified 21.11.2024 05:11:43

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.