Vulnerability in Oracle FLEXCUBE Universal Banking Product from Oracle
CVE-2022-21472

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 19 April 2022

Summary

A vulnerability exists in Oracle FLEXCUBE Universal Banking that allows low-privileged attackers with network access via HTTP to compromise the system. Exploitation requires human interaction from another individual. An attacker can unauthorizedly create, delete, or modify critical data, leading to potential unauthorized access to data and partial denial of service. Supported versions, including 12.4 and 14.0 through 14.5, are affected, emphasizing the need for immediate attention to safeguard sensitive information.

Affected Version(s)

FLEXCUBE Universal Banking 12.4

FLEXCUBE Universal Banking 14.0-14.3

FLEXCUBE Universal Banking 14.5

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021