Oracle

Flexcube Private Banking

75 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 7.58%
  • Published 10.09.2020 19:15:13
  • Last modified 21.11.2024 04:59:05

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https:...

  • EPSS 2.18%
  • Published 31.07.2020 20:15:13
  • Last modified 21.11.2024 05:34:07

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" ...

  • EPSS 5.3%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 05:11:39

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

  • EPSS 8.42%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:01

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

  • EPSS 8.39%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:01

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

  • EPSS 2.05%
  • Published 14.05.2020 17:15:12
  • Last modified 21.11.2024 04:59:00

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

  • EPSS 0.02%
  • Published 14.05.2020 16:15:12
  • Last modified 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...

  • EPSS 0.01%
  • Published 27.04.2020 16:15:12
  • Last modified 21.11.2024 05:40:45

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo...

  • EPSS 0.56%
  • Published 27.04.2020 14:15:11
  • Last modified 21.11.2024 05:40:45

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and...

  • EPSS 0.34%
  • Published 23.03.2020 14:15:13
  • Last modified 21.11.2024 05:11:43

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.