Polarisft: >> Intellect Core Banking >> 9.7.1 Security Vulnerabilities
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-04-30
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-04-30
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-04-30
An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI.
CVSS Score
6.1
EPSS Score
0.07
Published
2019-04-30