Oracle FLEXCUBE Investor Servicing Vulnerability in Financial Services Applications
CVE-2018-3029
5.3MEDIUM
Summary
An exploitable vulnerability exists in the Oracle FLEXCUBE Investor Servicing component, allowing an unauthenticated attacker with network access via HTTP to potentially compromise sensitive data. Attackers can exploit this vulnerability to gain unauthorized read access to specific data within the Oracle FLEXCUBE application, impacting the confidentiality of information. The supported versions impacted include 12.0.4, 12.1.0, 12.3.0, and 12.4.0.
Affected Version(s)
FLEXCUBE Investor Servicing 12.0.4
FLEXCUBE Investor Servicing 12.1.0
FLEXCUBE Investor Servicing 12.3.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved