CVE-2020-5408 in Oracle FLEXCUBE Private Bankinginfo

Summary

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Reservation

01/03/2020

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
173483	Oracle FLEXCUBE Private Banking Order Management information disclosure	200	Not defined	Official fix	CVE-2020-5408
168358	Oracle MySQL Enterprise Monitor Service Manager information disclosure	200	Not defined	Official fix	CVE-2020-5408
168263	Oracle Banking Virtual Account Management Common Core information disclosure	200	Not defined	Official fix	CVE-2020-5408
168262	Oracle Banking Trade Finance Process Management Dashboard information disclosure	200	Not defined	Official fix	CVE-2020-5408
168261	Oracle Banking Supply Chain Finance information disclosure	200	Not defined	Official fix	CVE-2020-5408
168260	Oracle Banking Liquidity Management Common information disclosure	200	Not defined	Official fix	CVE-2020-5408
168259	Oracle Banking Credit Facilities Process Management information disclosure	200	Not defined	Official fix	CVE-2020-5408
168258	Oracle Banking Corporate Lending Process Management information disclosure	200	Not defined	Official fix	CVE-2020-5408
163052	Oracle Communications Session Route Manager information disclosure	200	Not defined	Official fix	CVE-2020-5408
163051	Oracle Communications Session Report Manager information disclosure	200	Not defined	Official fix	CVE-2020-5408
163050	Oracle Communications Element Manager information disclosure	200	Not defined	Official fix	CVE-2020-5408
155309	Spring Security CBC Mode predictable iv with cbc	329	Not defined	Official fix	CVE-2020-5408

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!