Vulnerability in Oracle FLEXCUBE Investor Servicing by Oracle
CVE-2018-3033

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Investor Servicing
Vendor
CVE Published:
18 July 2018

Summary

The vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications arises from improper authentication mechanisms. It enables a low-privileged attacker with network access via HTTP to exploit this weakness, potentially leading to unauthorized access to sensitive data. Attackers can compromise critical data stored within the system, posing a serious risk to the integrity and confidentiality of financial information managed by Oracle FLEXCUBE. The supported versions affected by this vulnerability include 12.0.4, 12.1.0, 12.3.0, and 12.4.0.

Affected Version(s)

FLEXCUBE Investor Servicing 12.0.4

FLEXCUBE Investor Servicing 12.1.0

FLEXCUBE Investor Servicing 12.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104806
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041307
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.