Vulnerability in Oracle FLEXCUBE Core Banking Product by Oracle Financial Services Applications
CVE-2020-2955

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Core Banking
Vendor: CVE Published:; 15 April 2020

Summary

An easily exploitable vulnerability exists in the Oracle FLEXCUBE Core Banking product, allowing attackers with low-level privileges to gain unauthorized access. These attackers can manipulate data through unauthorized updates, inserts, and deletes, as well as access confidential information. Additionally, they may potentially induce a partial denial of service, affecting the availability of the system. The attack vector is via HTTP, making it particularly concerning for network-based threats.

Affected Version(s)

FLEXCUBE Core Banking 4.0

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019