CVE-2016-8313

4.1MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Private Banking
Vendor
CVE Published:
27 January 2017

Summary

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts).

Affected Version(s)

FLEXCUBE Private Banking 2.0.1

FLEXCUBE Private Banking 2.2.0

FLEXCUBE Private Banking 12.0.1

References

http://www.securityfocus.com/bid/95489
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037636
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.