Vulnerability in Oracle FLEXCUBE Private Banking Component by Oracle
CVE-2017-3475

5MEDIUM

Key Information:

Vendor

Oracle
Status
Flexcube Private Banking
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3475?

A flaw exists in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications, which can be exploited by an attacker with low privileges and network access via HTTP. This vulnerability allows unauthorized access to the system, potentially leading to a partial denial of service. Affected versions include 2.0.0, 2.0.1, 2.2.0.1, and 12.0.1, with impacts not just limited to Oracle FLEXCUBE but potentially extending to other interconnected products.

Affected Version(s)

FLEXCUBE Private Banking 2.0.0

FLEXCUBE Private Banking 2.0.1

FLEXCUBE Private Banking 2.2.0.1

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038304
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97816
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-3475 : Vulnerability in Oracle FLEXCUBE Private Banking Component by Oracle