Vulnerability in Oracle FLEXCUBE Universal Banking Product by Oracle
CVE-2021-2324

4.6MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 21 July 2021

What is CVE-2021-2324?

The vulnerability within Oracle's FLEXCUBE Universal Banking product enables low-privileged attackers to exploit certain conditions through HTTP. While it requires human interaction from targets, this vulnerability can lead to unauthorized modifications, deletions, and access to sensitive data. Attackers could gain the ability to alter or view data that should remain protected, resulting in severe threats to the integrity and confidentiality of banking transactions.

Affected Version(s)

FLEXCUBE Universal Banking 12.0-12.4

FLEXCUBE Universal Banking 14.0-14.4

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Dec 9, 2020