Vulnerability in Oracle FLEXCUBE Universal Banking by Oracle
CVE-2020-2685

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 15 January 2020

Summary

The Oracle FLEXCUBE Universal Banking product is susceptible to a vulnerability that enables unauthenticated network access via HTTP. This flaw could allow an attacker to manipulate the system by unauthorized actions such as updating, inserting, or deleting accessible data within FLEXCUBE. Importantly, successful exploitation requires human interaction from another individual, widening potential exposure. This vulnerability poses significant risks to data confidentiality and integrity, affecting versions between 12.0.1 and 14.3.0.

Affected Version(s)

FLEXCUBE Universal Banking 12.0.1-12.4.0

FLEXCUBE Universal Banking 14.0.0-14.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019