Vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management Component
CVE-2017-3493

8.5HIGH

Key Information:

Vendor

Oracle
Status
Flexcube Enterprise Limits And Collateral Management
Vendor
CVE Published:
24 April 2017

What is CVE-2017-3493?

A vulnerability exists in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component, which permits low privileged attackers with network access via HTTP to exploit the system. This flaw allows unauthorized access to sensitive data, potentially leading to significant operational disruptions. Attackers could manipulate the system to gain complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management data and might initiate a partial denial of service, impacting the overall functionality for users reliant on this essential application.

Affected Version(s)

FLEXCUBE Enterprise Limits and Collateral Management 12.0.0

FLEXCUBE Enterprise Limits and Collateral Management 12.1.0

References

http://www.securityfocus.com/bid/97726
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038304
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.