Unauthenticated Access Vulnerability in Oracle FLEXCUBE Private Banking Component
CVE-2017-3471

4.7MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Private Banking
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability has been identified in the Oracle FLEXCUBE Private Banking component within Oracle Financial Services Applications, impacting versions 12.0.0 and 12.1.0. This vulnerability permits an unauthenticated attacker with network access to exploit the system via HTTP. While the attack requires human interaction from a user other than the attacker, it poses a risk of unauthorized data manipulation, including updates, inserts, or deletions of accessible data within the FLEXCUBE Private Banking environment. This weakness could lead to significant ramifications for interconnected products and services.

Affected Version(s)

FLEXCUBE Private Banking 12.0.0

FLEXCUBE Private Banking 12.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038304
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97828
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.