Banking Platform

banking_platform

Vendor: Oracle • 72 CVEs

CVEs (72)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-11358 11Backdropcms DebianDrupal+8 more 105Agile Product Lifecycle Management For Process Application ExpressApplication Service Level Management+102 more Nov 21, 2024 Apr 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ p...Show more jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.Show less
CVE-2018-14721 4Debian FasterxmlOracle+1 more 12Banking Platform Communications Billing And Revenue ManagementDebian Linux+9 more Nov 21, 2024 Jan 2, 2019 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVE-2018-14720 4Debian FasterxmlOracle+1 more 12Banking Platform Communications Billing And Revenue ManagementDebian Linux+9 more Nov 21, 2024 Jan 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14719 5Debian FasterxmlNetapp+2 more 20Banking Platform Business Process Management SuiteClusterware+17 more Nov 21, 2024 Jan 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVE-2018-14718 5Debian FasterxmlNetapp+2 more 25Banking Platform Business Process Management SuiteCommunications Billing And Revenue Management+22 more Nov 21, 2024 Jan 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-3246 1Oracle 9Banking Platform Business Process Management SuiteCommunications Converged Application Server+6 more Nov 21, 2024 Oct 17, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allow...Show more Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).Show less
CVE-2018-1000613 4Bouncycastle NetappOpensuse+1 more 24Api Gateway Banking PlatformBc Java+21 more May 12, 2025 Jul 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vuln...Show more Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.Show less
CVE-2017-7525 5Debian FasterxmlNetapp+2 more 21Banking Platform Communications Billing And Revenue ManagementCommunications Communications Policy Management+18 more Nov 21, 2024 Feb 6, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to t...Show more A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.Show less
CVE-2017-15095 5Debian FasterxmlNetapp+2 more 24Banking Platform ClusterwareCommunications Billing And Revenue Management+21 more Nov 21, 2024 Feb 6, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readV...Show more A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.Show less
CVE-2015-9251 2Jquery Oracle 47Agile Product Lifecycle Management For Process Banking PlatformBusiness Process Management Suite+44 more Nov 21, 2024 Jan 18, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2017-5645 4Apache NetappOracle+1 more 79Api Gateway Application Testing SuiteAutovue Vuelink Integration+76 more May 13, 2026 Apr 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, c...Show more In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.Show less
CVE-2016-1181 2Apache Oracle 3Banking Platform PortalStruts May 6, 2026 Jul 4, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory...Show more ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.Show less

Previous 1 2 34