National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:oracle:banking_platform:2.5.0
There are 2 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-12023

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Published: March 21, 2019; 12:00:12 PM -04:00
V3: 7.5 HIGH
V2: 5.1 MEDIUM
CVE-2016-1181

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Published: July 04, 2016; 06:59:01 PM -04:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM