Aggregates CVE and security vulnerability intelligence across all polarisft-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, vendor risk csrf, and vendor risk open redirect and related problems; some flaws may lead to vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-14931 | An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI. | [email protected] | 6.1 | 7.01% | 2019-04-30 | 2024-11-21 |
| CVE-2018-14930 | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI. | [email protected] | 8.8 | 0.18% | 2019-04-30 | 2024-11-21 |
| CVE-2018-14875 | An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter. | [email protected] | 5.4 | 0.32% | 2019-04-30 | 2024-11-21 |
| CVE-2018-14874 | An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session. | [email protected] | 8.8 | 0.32% | 2019-04-30 | 2024-11-21 |