Unauthenticated Access Vulnerability in Oracle FLEXCUBE Enterprise Limits and Collateral Management
CVE-2017-3496

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Enterprise Limits And Collateral Management
Vendor
CVE Published:
24 April 2017

Summary

A vulnerability exists in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications that allows an unauthenticated attacker with network access via HTTP to compromise the system. The exploitation of this vulnerability requires human interaction by a third party, and while primarily affecting Oracle FLEXCUBE, it can significantly impact other connected products. Successful exploitation can lead to unauthorized updates, insertions, or deletions of data, as well as unauthorized read access to sensitive data. This vulnerability emphasizes the need for robust security measures to safeguard financial data managed by Oracle FLEXCUBE.

Affected Version(s)

FLEXCUBE Enterprise Limits and Collateral Management 12.0.0

FLEXCUBE Enterprise Limits and Collateral Management 12.1.0

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038304
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/97766
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.