Vulnerability in Oracle FLEXCUBE Private Banking Affects Financial Services Applications
CVE-2017-10005

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Private Banking
Vendor
CVE Published:
8 August 2017

Summary

The Oracle FLEXCUBE Private Banking component within Oracle Financial Services Applications has a vulnerability that can be exploited by an unauthenticated attacker with network access via HTTP. This flaw allows for unauthorized operations such as modification and deletion of data. Although an attack requires human interaction from a third party, successful exploitation can compromise not only FLEXCUBE's data integrity and confidentiality but may also affect interconnected services. Specifically, this vulnerability poses a risk of unauthorized updates, inserts, and deletions of accessible data, alongside potential unauthorized reading of sensitive information.

Affected Version(s)

FLEXCUBE Private Banking 2.0.0

FLEXCUBE Private Banking 2.0.1

FLEXCUBE Private Banking 2.2.0

References

http://www.securitytracker.com/id/1038934
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99766
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.