SQL Injection Vulnerability in Oracle FLEXCUBE Core Banking Component
CVE-2016-8323
5.4MEDIUM
Summary
A SQL injection vulnerability exists in the Oracle FLEXCUBE Core Banking component, leading to unauthorized access and manipulation of accessible data. An attacker with low privileges can exploit this flaw through HTTP requests, resulting in unauthorized updates, inserts, or deletions of data. This vulnerability impacts supported versions 5.1.0, 5.2.0, and 11.5.0, posing a significant risk to data confidentiality and integrity within Oracle FLEXCUBE Core Banking.
Affected Version(s)
FLEXCUBE Core Banking 5.1.0
FLEXCUBE Core Banking 5.2.0
FLEXCUBE Core Banking 11.5.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved