Oracle FLEXCUBE Universal Banking Vulnerability in Oracle Financial Services Applications
CVE-2020-14887

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Flexcube Universal Banking
Vendor
CVE Published:
21 October 2020

Summary

A vulnerability exists in Oracle FLEXCUBE Universal Banking within Oracle Financial Services Applications, specifically in its infrastructure component. This issue affects versions 12.3.0 and 14.0.0 through 14.4.0, allowing low-privileged attackers with network access via HTTP to exploit this weakness. If successfully exploited, this vulnerability can lead to unauthorized access to sensitive data or allow attackers to assume complete control over all accessible data within the Oracle FLEXCUBE Universal Banking environment. Organizations using the affected versions are recommended to apply the necessary security patches to safeguard their financial data.

Affected Version(s)

FLEXCUBE Universal Banking 12.3.0

FLEXCUBE Universal Banking 14.0.0-14.4.0

References

https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.