Unauthorized Access Vulnerability in Oracle FLEXCUBE Direct Banking by Oracle
CVE-2019-2550

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Direct Banking
Vendor: CVE Published:; 16 January 2019

What is CVE-2019-2550?

The Oracle FLEXCUBE Direct Banking component is impacted by a vulnerability that allows an unauthenticated attacker to exploit the logoff page. This issue can be triggered by human interaction from another individual, leading to unauthorized access for updates, inserts, or deletions of sensitive data. Users on version 12.0.2 are particularly at risk, emphasizing the need for immediate awareness and mitigation strategies.

Affected Version(s)

FLEXCUBE Direct Banking 12.0.2

References

http://www.securityfocus.com/bid/106613

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018