Exploitation of Vulnerability in Oracle FLEXCUBE Investor Servicing by Oracle
CVE-2019-2841

8.1HIGH

Key Information:

Vendor: Oracle
Status: Flexcube Investor Servicing
Vendor: CVE Published:; 23 July 2019

Summary

This vulnerability affects the Oracle FLEXCUBE Investor Servicing component, allowing a low privileged attacker with network access to HTTP to exploit the system. Attackers can gain unauthorized capabilities to create, delete or modify critical data. This can lead to severe implications for the integrity and confidentiality of valuable information within the Oracle FLEXCUBE Investor Servicing platform.

Affected Version(s)

FLEXCUBE Investor Servicing 12.0.1

FLEXCUBE Investor Servicing 12.0.3

FLEXCUBE Investor Servicing 12.0.4

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018