Unauthorized Access Vulnerability in Oracle FLEXCUBE Universal Banking Product
CVE-2021-2323

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 21 July 2021

Summary

A vulnerability exists in Oracle FLEXCUBE Universal Banking that may allow unauthenticated users with network access via HTTP to gain unauthorized access to sensitive data. This flaw affects certain versions, enabling attackers to compromise critical information stored in the application, resulting in potential data breaches and loss of data privacy. It is essential for organizations using Oracle FLEXCUBE Universal Banking to mitigate the risks associated with this vulnerability by applying appropriate security measures.

Affected Version(s)

FLEXCUBE Universal Banking 12.3

FLEXCUBE Universal Banking 12.4

FLEXCUBE Universal Banking 14.0-14.4

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Dec 9, 2020