Oracle Flexcube Core Banking — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Flexcube Core Banking, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2020-10683 — CVSS 9.8 (critical): dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However…
CVE-2019-0227 — CVSS 7.5 (high): A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and…
CVE-2020-27216 — CVSS 7.0 (high): In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like…
CVE-2020-2955 — CVSS 6.3 (medium): Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Transaction Processing)…
CVE-2018-2807 — CVSS 6.1 (medium): Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities). Supported…
CVE-2018-8032 — CVSS 6.1 (medium): Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2019-10241 — CVSS 6.1 (medium): In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote…
CVE-2016-8323 — CVSS 5.4 (medium): Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported…
CVE-2016-8324 — CVSS 5.3 (medium): Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported…
CVE-2019-10246 — CVSS 5.3 (medium): In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base…
CVE-2019-10247 — CVSS 5.3 (medium): In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version…
CVE-2021-29425 — CVSS 4.8 (medium): In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or…
CVE-2016-8322 — CVSS 4.3 (medium): Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported…
CVE-2020-9488 — CVSS 3.7 (low): Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted…
CVE-2016-8314 — CVSS 3.1 (low): Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported…