Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5819 | 1 Moxa | 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. | |||||
| CVE-2019-19663 | 1 Maxum | 1 Rumpus | 2020-02-10 | 5.8 MEDIUM | 6.5 MEDIUM |
| A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html. | |||||
| CVE-2013-3636 | 1 Projectpier | 1 Projectpier | 2020-02-10 | 3.5 LOW | 5.4 MEDIUM |
| ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag | |||||
| CVE-2013-3637 | 1 Projectpier | 1 Projectpier | 2020-02-10 | 3.5 LOW | 5.4 MEDIUM |
| ProjectPier 0.8.8 does not use the Secure flag for cookies | |||||
| CVE-2013-0192 | 1 Simplemachines | 1 Simple Machines Forum | 2020-02-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. | |||||
| CVE-2019-10782 | 1 Checkstyle | 1 Checkstyle | 2020-02-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. | |||||
| CVE-2010-3917 | 1 Google | 1 Chrome | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
| CVE-2013-3096 | 1 Dlink | 2 Dir865l, Dir865l Firmware | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. | |||||
| CVE-2013-2008 | 1 Automattic | 1 Wp Super Cache | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress Super Cache Plugin 1.3 has XSS. | |||||
| CVE-2013-5112 | 1 Evernote | 1 Evernote | 2020-02-10 | 2.1 LOW | 4.6 MEDIUM |
| Evernote before 5.5.1 has insecure PIN storage | |||||
| CVE-2020-5526 | 1 Fujixerox | 1 Apeosware Management Suite | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-7108 | 1 Learndash | 1 Learndash | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. | |||||
| CVE-2013-3067 | 1 Linksys | 2 Wrt310n, Wrt310n Firmware | 2020-02-10 | 3.5 LOW | 5.4 MEDIUM |
| Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. | |||||
| CVE-2017-18229 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. | |||||
| CVE-2017-18230 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-18231 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2018-0497 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169. | |||||
| CVE-2018-0498 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2020-02-10 | 1.9 LOW | 4.7 MEDIUM |
| ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack. | |||||
| CVE-2011-1084 | 1 Smoothwall | 1 Smoothwall Express | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. | |||||
| CVE-2012-2593 | 1 Atmail | 1 Atmail | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. | |||||
| CVE-2016-2201 | 1 Siemens | 15 Simatic S7-1500 Cpu Firmware, Simatic S7-1511-1 Pn Cpu, Simatic S7-1511c-1 Pn Cpu and 12 more | 2020-02-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. | |||||
| CVE-2013-3635 | 1 Projectpier | 1 Projectpier | 2020-02-10 | 3.5 LOW | 5.4 MEDIUM |
| ProjectPier 0.8.8 has stored XSS | |||||
| CVE-2020-8811 | 1 Bludit | 1 Bludit | 2020-02-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. | |||||
| CVE-2011-1086 | 1 Openfiler | 1 Openfiler | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter. | |||||
| CVE-2020-8812 | 1 Bludit | 1 Bludit | 2020-02-10 | 3.5 LOW | 5.4 MEDIUM |
| ** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug." | |||||
| CVE-2014-9126 | 1 Open-school | 1 Open-school | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php. | |||||
| CVE-2014-9127 | 1 Open-school | 1 Open-school | 2020-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php. | |||||
| CVE-2013-1631 | 1 Veraxsystems | 1 Network Management System | 2020-02-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action | |||||
| CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | |||||
| CVE-2020-5720 | 1 Mikrotik | 1 Winbox | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack. | |||||
| CVE-2016-7523 | 1 Imagemagick | 1 Imagemagick | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-7524 | 1 Imagemagick | 1 Imagemagick | 2020-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-10878 | 1 Flippercode | 1 Google Map | 2020-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. | |||||
| CVE-2016-10867 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2020-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. | |||||
| CVE-2020-3149 | 1 Cisco | 1 Identity Services Engine | 2020-02-07 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing malicious data to a specific field within the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE Software releases 2.7.0 and later contains the fix for this vulnerability. | |||||
| CVE-2020-2512 | 1 Oracle | 1 Database Server | 2020-02-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-2515 | 1 Oracle | 1 Database Server | 2020-02-07 | 6.0 MEDIUM | 5.0 MEDIUM |
| Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2020-2519 | 1 Oracle | 1 Weblogic Server | 2020-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). | |||||
| CVE-2020-2527 | 1 Oracle | 1 Database Server | 2020-02-07 | 4.0 MEDIUM | 4.1 MEDIUM |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). | |||||
| CVE-2020-2550 | 1 Oracle | 1 Weblogic Server | 2020-02-07 | 3.6 LOW | 5.1 MEDIUM |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N). | |||||
| CVE-2020-2552 | 1 Oracle | 1 Weblogic Server | 2020-02-07 | 4.9 MEDIUM | 4.8 MEDIUM |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2020-2557 | 1 Oracle | 1 Demantra Demand Management | 2020-02-07 | 4.3 MEDIUM | 4.7 MEDIUM |
| Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | |||||
| CVE-2020-2558 | 1 Oracle | 1 Solaris | 2020-02-07 | 5.0 MEDIUM | 5.8 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L). | |||||
| CVE-2020-2559 | 1 Oracle | 1 Siebel Ui Framework | 2020-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-2564 | 1 Oracle | 1 Siebel Ui Framework | 2020-02-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-2617 | 1 Oracle | 1 Enterprise Manager Base Platform | 2020-02-07 | 6.5 MEDIUM | 6.0 MEDIUM |
| Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). | |||||
| CVE-2020-2642 | 1 Oracle | 1 Enterprise Manager Base Platform | 2020-02-07 | 6.5 MEDIUM | 6.0 MEDIUM |
| Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L). | |||||
| CVE-2020-2656 | 1 Oracle | 1 Solaris | 2020-02-07 | 3.6 LOW | 4.4 MEDIUM |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2020-2687 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2020-02-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2020-2722 | 1 Oracle | 1 Flexcube Investor Servicing | 2020-02-07 | 5.8 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). | |||||