Oracle · Oracle FLEXCUBE Universal Banking · CVE-2022-21544
**Name of the Vulnerable Software and Affected Versions**
Oracle FLEXCUBE Universal Banking versions 12.1 through 12.4
Oracle FLEXCUBE Universal Banking versions 14.0 through 14.3
Oracle FLEXCUBE Universal Banking version 14.5
**Description**
The issue is related to errors in the code of the Infrastructure component of Oracle FLEXCUBE Universal Banking, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle FLEXCUBE Universal Banking.
**Recommendations**
For versions 12.1 through 12.4, update to a version outside of this range to mitigate the risk.
For versions 14.0 through 14.3, update to a version outside of this range to mitigate the risk.
For version 14.5, update to a newer version to mitigate the risk.
As a temporary workaround, consider restricting access to the Infrastructure component until a patch is available.
Avoid using HTTP requests to the affected component until the issue is resolved.