Vulnerability in Oracle FLEXCUBE Private Banking Affects Financial Services Applications
CVE-2017-10010

4.6MEDIUM

Key Information:

Vendor

Oracle
Status
Flexcube Private Banking
Vendor
CVE Published:
8 August 2017

What is CVE-2017-10010?

A vulnerability exists in the Oracle FLEXCUBE Private Banking component that allows a low-privileged attacker with network access via HTTP to compromise the system. This flaw enables unauthorized actions that include the ability to update, insert, or delete data, as well as read sensitive information. Notably, these successful attacks require human interaction from an external user, which may increase the risk of exploitation in scenarios where user awareness is low. Various versions of the product are affected and thus require prompt mitigation measures.

Affected Version(s)

FLEXCUBE Private Banking 2.0.0

FLEXCUBE Private Banking 2.0.1

FLEXCUBE Private Banking 2.2.0

References

http://www.securitytracker.com/id/1038934
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99829
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.