Exposure in Oracle FLEXCUBE Private Banking by Oracle Financial Services Applications
CVE-2017-10008

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Private Banking
Vendor: CVE Published:; 8 August 2017

What is CVE-2017-10008?

A vulnerability exists in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications. This flaw allows low privileged attackers with network access via HTTP to gain unauthorized read access to sensitive data within the Oracle FLEXCUBE Private Banking system. The affected versions are 2.0.0, 2.0.1, 2.2.0, and 12.0.1, highlighting the need for diligent security measures to safeguard financial data.

Affected Version(s)

FLEXCUBE Private Banking 2.0.0

FLEXCUBE Private Banking 2.0.1

FLEXCUBE Private Banking 2.2.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100266

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2017
Vulnerability Reserved
Jun 21, 2017