Vulnerability in Oracle FLEXCUBE Private Banking Component of Oracle Financial Services Applications
CVE-2017-10022
4.3MEDIUM
Summary
A vulnerability exists in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications, which allows an attacker with low privileges to exploit the system via HTTP. This easily exploitable flaw grants unauthorized read access to sensitive data accessible through the application. The affected versions include 2.0.0, 2.0.1, 2.2.0, and 12.0.1, requiring immediate attention to enhance the security framework and safeguard against potential data breaches.
Affected Version(s)
FLEXCUBE Private Banking 2.0.0
FLEXCUBE Private Banking 2.0.1
FLEXCUBE Private Banking 2.2.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved