Flexcube_private_banking - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Flexcube_private_banking
(Oracle)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	75

Date	Id	Summary	Products	Score	Patch	Annotated
2018-08-02	CVE-2018-8032	Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.	Axis, Debian_linux, Agile_engineering_data_management, Agile_product_lifecycle_management_framework, Application_testing_suite, Big_data_discovery, Communications_asap_cartridges, Communications_design_studio, Communications_element_manager, Communications_network_integrity, Communications_order_and_service_management, Communications_session_report_manager, Communications_session_route_manager, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Financial_services_analytical_applications_infrastructure, Financial_services_compliance_regulatory_reporting, Financial_services_funds_transfer_pricing, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Instantis_enterprisetrack, Internet_directory, Knowledge, Peoplesoft_enterprise_human_capital_management_human_resources, Peoplesoft_enterprise_peopletools, Policy_automation_connector_for_siebel, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_order_broker, Retail_xstore_point_of_service, Secure_global_desktop, Siebel_ui_framework, Tuxedo, Webcenter_portal	6.1
2018-09-10	CVE-2018-11775	TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.	Activemq, Enterprise_repository, Flexcube_private_banking	7.4
2018-10-18	CVE-2018-15756	Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of...	Debian_linux, Agile_plm, Communications_brm_\-_elastic_charging_engine, Communications_converged_application_server_\-_service_controller, Communications_diameter_signaling_router, Communications_element_manager, Communications_online_mediation_controller, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Endeca_information_discovery_integrator, Enterprise_manager_for_fusion_applications, Enterprise_manager_ops_center, Financial_services_analytical_applications_infrastructure, Flexcube_private_banking, Goldengate_application_adapters, Healthcare_master_person_index, Identity_manager_connector, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Mysql_enterprise_monitor, Primavera_analytics, Primavera_gateway, Rapid_planning, Retail_advanced_inventory_planning, Retail_assortment_planning, Retail_clearance_optimization_engine, Retail_financial_integration, Retail_integration_bus, Retail_invoice_matching, Retail_markdown_optimization, Retail_order_broker, Retail_predictive_application_server, Retail_service_backbone, Retail_xstore_point_of_service, Tape_library_acsls, Webcenter_sites, Weblogic_server, Spring_framework	7.5
2019-04-22	CVE-2019-10246	In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.	Jetty, Element, Oncommand_system_manager, Snap_creator_framework, Snapcenter, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storage_services_connector, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Autovue, Communications_analytics, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Data_integrator, Endeca_information_discovery_integrator, Enterprise_manager_base_platform, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Rest_data_services, Retail_xstore_point_of_service, Unified_directory	5.3
2019-04-22	CVE-2019-10247	In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error,...	Debian_linux, Jetty, Element, Oncommand_system_manager, Snap_creator_framework, Snapcenter, Snapmanager, Storage_replication_adapter_for_clustered_data_ontap, Storage_services_connector, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Autovue, Communications_analytics, Communications_element_manager, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Data_integrator, Endeca_information_discovery_integrator, Enterprise_manager_base_platform, Flexcube_core_banking, Flexcube_private_banking, Fmw_platform, Hospitality_guest_access, Retail_xstore_point_of_service, Unified_directory	5.3
2019-04-22	CVE-2019-5427	c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.	Fedora, C3p0, Communications_ip_service_activator, Communications_session_route_manager, Documaker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Flexcube_private_banking, Hyperion_infrastructure_technology, Retail_xstore_point_of_service, Webcenter_sites	7.5
2019-05-01	CVE-2019-0227	A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.	Axis, Agile_engineering_data_management, Agile_product_lifecycle_management_framework, Application_testing_suite, Big_data_discovery, Communications_asap_cartridges, Communications_design_studio, Communications_element_manager, Communications_network_integrity, Communications_order_and_service_management, Communications_session_report_manager, Communications_session_route_manager, Endeca_information_discovery_studio, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Financial_services_analytical_applications_infrastructure, Financial_services_compliance_regulatory_reporting, Financial_services_funds_transfer_pricing, Flexcube_core_banking, Flexcube_private_banking, Hospitality_guest_access, Instantis_enterprisetrack, Internet_directory, Knowledge, Peoplesoft_enterprise_human_capital_management_human_resources, Peoplesoft_enterprise_peopletools, Policy_automation_connector_for_siebel, Primavera_gateway, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Retail_order_broker, Retail_xstore_point_of_service, Secure_global_desktop, Siebel_ui_framework, Tuxedo, Webcenter_portal	7.5
2019-05-28	CVE-2019-0188	Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.	Camel, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_repository, Flexcube_private_banking	7.5
2019-08-20	CVE-2019-10086	In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.	Commons_beanutils, Nifi, Debian_linux, Fedora, Leap, Agile_plm, Agile_product_lifecycle_management_integration_pack, Application_testing_suite, Banking_platform, Blockchain_platform, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_console, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_convergence, Communications_design_studio, Communications_evolved_communications_application_server, Communications_metasolv_solution, Communications_network_integrity, Communications_performance_intelligence_center, Communications_pricing_design_center, Communications_unified_inventory_management, Customer_management_and_segmentation_foundation, Enterprise_manager_for_virtualization, Financial_services_revenue_management_and_billing_analytics, Flexcube_private_banking, Fusion_middleware, Healthcare_foundation, Hospitality_opera_5, Hospitality_reporting_and_analytics, Insurance_data_gateway, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Real\-Time_decisions_solutions, Retail_advanced_inventory_planning, Retail_back_office, Retail_central_office, Retail_invoice_matching, Retail_merchandising_system, Retail_point\-Of\-Service, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_xstore_point_of_service, Service_bus, Solaris_cluster, Time_and_labor, Utilities_framework, Weblogic_server, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform	7.3
2019-08-30	CVE-2019-12402	The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.	Commons_compress, Fedora, Banking_payments, Banking_platform, Communications_element_manager, Communications_ip_service_activator, Communications_session_report_manager, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Essbase, Flexcube_investor_servicing, Flexcube_private_banking, Hyperion_infrastructure_technology, Jdeveloper, Peoplesoft_enterprise_pt_peopletools, Primavera_gateway, Retail_integration_bus, Retail_xstore_point_of_service, Webcenter_portal	7.5