RSS   Vulnerabilities for 'Intellect core banking'   RSS

2019-04-30
 
CVE-2018-14931

CWE-601
 

 
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI.

 
 
CVE-2018-14930

CWE-352
 

 
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.

 
 
CVE-2018-14875

CWE-79
 

 
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter.

 
 
CVE-2018-14874

CWE-89
 

 
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.

 


Copyright 2019, cxsecurity.com

 

Back to Top