Vulnerability in Oracle FLEXCUBE Direct Banking by Oracle
CVE-2019-2979

5.7MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Direct Banking
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in Oracle FLEXCUBE Direct Banking allowing low privileged attackers with HTTP network access to compromise the system. Exploiting this vulnerability may allow unauthorized individuals to create, delete, or modify critical data, affecting the integrity of all accessible banking data. Successful exploitation necessitates human interaction from a user other than the attacker, raising serious security implications for organizations utilizing affected versions 12.0.2 and 12.0.3.

Affected Version(s)

FLEXCUBE Direct Banking 12.0.2

FLEXCUBE Direct Banking 12.0.3

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018