Vulnerability in Oracle FLEXCUBE Universal Banking by Oracle
CVE-2019-2744

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 23 July 2019

Summary

This vulnerability exists in the Oracle FLEXCUBE Universal Banking component, allowing unauthenticated attackers with network access via HTTP to compromise its integrity and confidentiality. Although primarily impacting Oracle FLEXCUBE, successful exploitation may lead to unauthorized updates, inserts, or deletions of accessible data. Attackers need human interaction from a third party to successfully exploit this flaw. The implications can extend to other related products, posing a significant risk to overall data security and operational integrity within the banking environment.

Affected Version(s)

FLEXCUBE Universal Banking 12.0.1-12.0.3

FLEXCUBE Universal Banking 12.1.0-12.4.0

FLEXCUBE Universal Banking 14.0.0-14.2.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018