SQL Injection Vulnerability in Oracle FLEXCUBE Core Banking Component
CVE-2016-8323

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Core Banking
Vendor: CVE Published:; 27 January 2017

What is CVE-2016-8323?

A SQL injection vulnerability exists in the Oracle FLEXCUBE Core Banking component, leading to unauthorized access and manipulation of accessible data. An attacker with low privileges can exploit this flaw through HTTP requests, resulting in unauthorized updates, inserts, or deletions of data. This vulnerability impacts supported versions 5.1.0, 5.2.0, and 11.5.0, posing a significant risk to data confidentiality and integrity within Oracle FLEXCUBE Core Banking.