Unauthenticated Access Vulnerability in Oracle FLEXCUBE Direct Banking
CVE-2017-3245

4.7 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 27 January 2017

Summary

An unauthenticated access vulnerability exists in the Pre-Login subcomponent of the Oracle FLEXCUBE Direct Banking component. It primarily affects versions 12.0.2 and 12.0.3 and allows an unauthenticated attacker with network access via HTTP to compromise the system. A successful attack requires human interaction from an unknowing user and lets the attacker read accessible data without proper authorization. The vulnerability therefore poses a risk to sensitive data within Oracle FLEXCUBE Direct Banking and may affect additional products within the Oracle Financial Services Applications ecosystem.

Affected Version(s)

FLEXCUBE Direct Banking 12.0.2

FLEXCUBE Direct Banking 12.0.3

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
