Weakness in Oracle Financial Services Applications FLEXCUBE Investor Servicing Component
CVE-2018-3032

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Investor Servicing
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications, allowing attackers with low privileges and network access via HTTP to compromise the system. This weakness permits unauthorized updates, inserts, or deletions of data within the platform, along with unauthorized read access to certain data. The supported versions affected by this issue include 12.0.4, 12.1.0, 12.3.0, and 12.4.0. Organizations using these versions are encouraged to apply the relevant security patches to mitigate the risk.

Affected Version(s)

FLEXCUBE Investor Servicing 12.0.4

FLEXCUBE Investor Servicing 12.1.0

FLEXCUBE Investor Servicing 12.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041307
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104793
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.