Unauthorized Access Vulnerability in Oracle FLEXCUBE Investor Servicing by Oracle
CVE-2020-2723

7.1HIGH

Key Information:

Vendor: Oracle
Status: Flexcube Investor Servicing
Vendor: CVE Published:; 15 January 2020

Summary

A vulnerability exists in Oracle FLEXCUBE Investor Servicing, part of Oracle Financial Services Applications, that permits low-privileged attackers with network access via HTTP to potentially compromise the system. Exploiting this vulnerability can lead to unauthorized access to sensitive data within Oracle FLEXCUBE Investor Servicing. Attackers may gain complete access to all accessible data and have the ability to perform unauthorized operations such as update, insert, or delete on some of the data stored in the system. This highlights the necessity for prompt remediation to protect critical information.

Affected Version(s)

FLEXCUBE Investor Servicing 12.1.0-12.4.0

FLEXCUBE Investor Servicing 14.0.0-14.1.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019