Unauthorized Access Vulnerability in Oracle FLEXCUBE Investor Servicing by Oracle
CVE-2020-2722
5.4MEDIUM
Summary
The vulnerability in Oracle FLEXCUBE Investor Servicing allows unauthenticated attackers with network access via HTTP to potentially compromise the system. Successful exploitation requires human interaction from the victim, leading to unauthorized updates, inserts, or deletions of accessible data, as well as potential unauthorized read access to certain data within Oracle FLEXCUBE Investor Servicing. This vulnerability primarily affects versions 12.1.0 through 12.4.0 and 14.0.0 through 14.1.0, representing critical risks for institutions utilizing this product within financial services.
Affected Version(s)
FLEXCUBE Investor Servicing 12.1.0-12.4.0
FLEXCUBE Investor Servicing 14.0.0-14.1.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved