Oracle FLEXCUBE Private Banking Vulnerability in Financial Services Applications
CVE-2016-5614

4.3MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Private Banking
Vendor
CVE Published:
27 January 2017

Summary

The vulnerability in Oracle FLEXCUBE Private Banking allows low privileged attackers with network access through HTTP to exploit and compromise the application. Successful exploitation could enable unauthorized read access to sensitive data within the Oracle FLEXCUBE system. The affected versions include 2.0.1, 2.2.0, and 12.0.1 of the product, posing risks to user confidentiality and data integrity.

Affected Version(s)

FLEXCUBE Private Banking 2.0.1

FLEXCUBE Private Banking 2.2.0

FLEXCUBE Private Banking 12.0.1

References

http://www.securityfocus.com/bid/95474
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037636
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.