Unauthenticated Access Flaw in Oracle FLEXCUBE Investor Servicing by Oracle
CVE-2019-2736

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Investor Servicing
Vendor: CVE Published:; 23 July 2019

Summary

An unauthenticated access vulnerability exists in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications. This flaw allows attackers with network access via HTTP to compromise the affected component. Although an attacker requires human interaction to exploit this vulnerability, successful exploitation can lead to unauthorized update, insertion, or deletion of data. It may also permit unauthorized read access to sensitive data within Oracle FLEXCUBE Investor Servicing. This vulnerability affects multiple versions of the product and poses a significant risk to the integrity and confidentiality of accessible data.

Affected Version(s)

FLEXCUBE Investor Servicing 12.0.1

FLEXCUBE Investor Servicing 12.0.3

FLEXCUBE Investor Servicing 12.0.4

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018