Vulnerability in Oracle FLEXCUBE Private Banking Affects Financial Services Applications
CVE-2017-10010

4.6 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 8 August 2017

Summary

A vulnerability exists in the Oracle FLEXCUBE Private Banking component that allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized update, insert, or delete access to data, as well as unauthorized read access to sensitive information. Notably, successful attacks require human interaction from an external user, which may increase the risk of exploitation in scenarios where user awareness is low. Versions 2.0.0, 2.0.1 and 2.2.0 of the product are affected and require prompt mitigation measures.

Affected Version(s)

FLEXCUBE Private Banking 2.0.0

FLEXCUBE Private Banking 2.0.1

FLEXCUBE Private Banking 2.2.0

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
