Vulnerability in Oracle FLEXCUBE Universal Banking by Oracle
CVE-2020-2684

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 15 January 2020

Summary

An access control vulnerability exists in Oracle FLEXCUBE Universal Banking that can be exploited by low privileged attackers with network access via HTTP. This vulnerability allows these attackers to gain unauthorized access to sensitive data. Successful exploitation could lead to an attacker compromising the system and accessing potentially critical information. The affected versions range from 12.0.1 to 14.3.0, highlighting the importance of upgrading to secure releases as soon as possible.

Affected Version(s)

FLEXCUBE Universal Banking 12.0.1-12.4.0

FLEXCUBE Universal Banking 14.0.0-14.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019