Every CVE whose affected-product data names Matera Banco, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-14925 — CVSS 9.8 (critical): Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.
CVE-2018-14926 — CVSS 8.8 (high): Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.
CVE-2018-14928 — CVSS 7.5 (high): /contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter.
CVE-2018-14924 — CVSS 6.1 (medium): Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka…
CVE-2018-14929 — CVSS 6.1 (medium): Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.
CVE-2018-14927 — CVSS 5.3 (medium): Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the…