Product:

Flexcube_private_banking

(Oracle)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 75
Date Id Summary Products Score Patch Annotated
2019-07-26 CVE-2019-13990 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Tomee, Apache_batik_mapviewer, Banking_enterprise_originations, Banking_enterprise_product_manufacturing, Banking_payments, Communications_ip_service_activator, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Documaker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware_mapviewer, Google_guava_mapviewer, Hyperion_infrastructure_technology, Jd_edwards_enterpriseone_orchestrator, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Terracotta_quartz_scheduler_mapviewer, Webcenter_sites, Quartz 9.8
2019-10-08 CVE-2019-17359 The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64. Tomee, Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Active_iq_unified_manager, Oncommand_api_services, Oncommand_workflow_automation, Service_level_manager, Business_process_management_suite, Communications_convergence, Communications_diameter_signaling_router, Communications_session_route_manager, Data_integrator, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Hospitality_guest_access, Managed_file_transfer, Peoplesoft_enterprise_hcm_global_payroll_switzerland, Peoplesoft_enterprise_peopletools, Retail_xstore_point_of_service, Soa_suite, Webcenter_portal, Weblogic_server 7.5
2020-03-23 CVE-2020-1950 A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. Tika, Ubuntu_linux, Debian_linux, Business_process_management_suite, Communications_messaging_server, Flexcube_private_banking 5.5
2020-03-23 CVE-2020-1951 A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. Tika, Ubuntu_linux, Debian_linux, Business_process_management_suite, Communications_messaging_server, Flexcube_private_banking 5.5
2020-04-27 CVE-2020-9489 A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security... Tika, Communications_messaging_server, Flexcube_private_banking, Primavera_unifier, Webcenter_portal 5.5
2021-07-21 CVE-2021-2351 Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products.... Advanced_networking_option, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_management_for_process, Airlines_data_model, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_mart, Argus_safety, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_platform, Big_data_spatial_and_graph, Blockchain_platform, Clinical, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_calendar_server, Communications_contacts_server, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_intelligence_hub, Communications_ip_service_activator, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_pricing_design_center, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Data_integrator, Demantra_demand_management, Documaker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware, Goldengate, Goldengate_application_adapters, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_inventory_management, Hospitality_opera_5, Hospitality_suite8, Hyperion_infrastructure_technology, Ilearning, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Oss_support_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_unifier, Product_lifecycle_analytics, Rapid_planning, Real_user_experience_insight, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_extract_transform_and_load, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_store_inventory_management, Retail_xstore_point_of_service, Siebel_ui_framework, Spatial_studio, Storagetek_acsls, Storagetek_tape_analytics, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Weblogic_server, Zfs_storage_application_integration_engineering_software 8.3
2019-01-18 CVE-2019-3773 Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Spring_web_services 9.8
2020-05-14 CVE-2020-11973 Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. Camel, Communications_diameter_signaling_router, Enterprise_manager_base_platform, Flexcube_private_banking 9.8
2020-05-14 CVE-2020-1941 In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. Activemq, Communications_diameter_signaling_router, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_repository, Flexcube_private_banking 6.1
2021-09-19 CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. Cxf, Tomee, Xml_security_for_java, Debian_linux, Agile_plm, Commerce_guided_search, Commerce_platform, Communications_diameter_intelligence_hub, Communications_messaging_server, Flexcube_private_banking, Outside_in_technology, Peoplesoft_enterprise_peopletools, Retail_bulk_data_integration, Retail_financial_integration, Retail_integration_bus, Retail_merchandising_system, Retail_service_backbone, Weblogic_server 7.5