Remote Code Execution Vulnerability in Oracle FLEXCUBE Investor Servicing
CVE-2020-2721
6.5MEDIUM
Summary
A vulnerability in the Oracle FLEXCUBE Investor Servicing product could allow a low-privileged attacker to gain unauthorized access to sensitive data. This issue is particularly concerning as it can be exploited remotely via HTTP, providing a route for potential data breaches. Affected versions include 12.1.0 to 12.4.0 and 14.0.0 to 14.1.0, making it crucial for organizations to quickly assess their systems and apply necessary patches. If successfully exploited, attackers may obtain critical data, emphasizing the importance of immediate remediation steps.
Affected Version(s)
FLEXCUBE Investor Servicing 12.1.0-12.4.0
FLEXCUBE Investor Servicing 14.0.0-14.1.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved