Vulnerability in Oracle FLEXCUBE Private Banking by Oracle
CVE-2017-3477

4.2MEDIUM

Key Information:

Vendor

Oracle
Status
Flexcube Private Banking
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3477?

This vulnerability resides in the Oracle FLEXCUBE Private Banking component, allowing a low privileged attacker with network access via HTTP to potentially compromise the application. Exploiting this could lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reading of a subset of the application's data. It is critical for users to review their configurations and ensure robust security measures are in place to mitigate the risk associated with this vulnerability.

Affected Version(s)

FLEXCUBE Private Banking 12.0.0

FLEXCUBE Private Banking 12.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038304
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97867
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-3477 : Vulnerability in Oracle FLEXCUBE Private Banking by Oracle