Flexcube core banking

This hub aggregates every CVE we track for Flexcube core banking, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Flexcube core banking.

• CVE-2021-29425Possible limited path traversal vulnerabily in Apache Commons IO4.8Apr 13, 2021
• CVE-2020-27216In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between ...7.0Oct 23, 2020
• CVE-2020-10683dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing ...9.8May 1, 2020
• CVE-2020-9488Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log me...3.7Apr 27, 2020
• CVE-2020-2955Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Transaction Processing). The supported version that is affected is 4.0. Easily exploi...6.3Apr 15, 2020
• CVE-2019-0227A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subve...7.5May 1, 2019
• CVE-2019-10247In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified di...5.3Apr 22, 2019
• CVE-2019-10246In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when i...5.3Apr 22, 2019
• CVE-2019-10241In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultSe...6.1Apr 22, 2019
• CVE-2018-8032Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.6.1Aug 2, 2018
• CVE-2018-2807Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities). Supported versions that are affected are 11.5.0, 11.6.0 and 11.7.0....6.1Apr 19, 2018
• CVE-2017-14735OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.6.1Sep 25, 2017
• CVE-2017-5645In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent tha...9.8Apr 17, 2017
• CVE-2016-8324Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily ...5.3Jan 27, 2017
• CVE-2016-8323Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily ...5.4Jan 27, 2017