Unauthorized Access Vulnerability in Oracle FLEXCUBE Investor Servicing
CVE-2018-2898

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Investor Servicing
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications, affecting multiple versions. This flaw allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. While an attacker requires human interaction from a third party to exploit this vulnerability, successful exploitation can lead to unauthorized insert, update, or delete access to sensitive data, as well as unauthorized read access to certain accessible information within the system. This vulnerability can have broader implications on related products, making it crucial for stakeholders to address it promptly.

Affected Version(s)

FLEXCUBE Investor Servicing 12.0.4

FLEXCUBE Investor Servicing 12.1.0

FLEXCUBE Investor Servicing 12.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041307
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104793
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.