Vulnerability in Oracle FLEXCUBE Investor Servicing by Oracle
CVE-2019-2845

3.5LOW

Key Information:

Vendor: Oracle
Status: Flexcube Investor Servicing
Vendor: CVE Published:; 23 July 2019

Summary

An exploitable vulnerability exists in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications. This issue impacts multiple versions and allows a low privileged attacker with network access via HTTP to compromise the system. Successful exploitation requires human interaction from a user other than the attacker, which makes this vulnerability particularly concerning. An attacker could potentially utilize this flaw to induce a partial denial of service, disrupting the availability of Oracle FLEXCUBE Investor Servicing. Appropriate measures should be taken to mitigate risks associated with this vulnerability.

Affected Version(s)

FLEXCUBE Investor Servicing 12.0.1

FLEXCUBE Investor Servicing 12.0.3

FLEXCUBE Investor Servicing 12.0.4

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018