Remote Code Execution Vulnerability in Oracle FLEXCUBE Investor Servicing
CVE-2020-2721

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Investor Servicing
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2721?

A vulnerability in the Oracle FLEXCUBE Investor Servicing product could allow a low-privileged attacker to gain unauthorized access to sensitive data. This issue is particularly concerning as it can be exploited remotely via HTTP, providing a route for potential data breaches. Affected versions include 12.1.0 to 12.4.0 and 14.0.0 to 14.1.0, making it crucial for organizations to quickly assess their systems and apply necessary patches. If successfully exploited, attackers may obtain critical data, emphasizing the importance of immediate remediation steps.

Affected Version(s)

FLEXCUBE Investor Servicing 12.1.0-12.4.0

FLEXCUBE Investor Servicing 14.0.0-14.1.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019