Unauthorized Access Vulnerability in Oracle FLEXCUBE Direct Banking
CVE-2018-2674

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 18 January 2018

Summary

A vulnerability exists in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications, specifically in the Logoff subcomponent. The flaw allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploitation requires interaction from a person other than the attacker, and it poses a risk of unauthorized access to sensitive information. If successfully exploited, it could lead to unauthorized actions, including updates, inserts, or deletions of accessible data. The vulnerability affects specific versions of the product, making timely updates crucial to maintain security and data integrity.

Affected Version(s)

FLEXCUBE Direct Banking 12.0.2

FLEXCUBE Direct Banking 12.0.3

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
