Vulnerability in Oracle FLEXCUBE Universal Banking by Oracle Financial Services Applications
CVE-2022-21578

6.7MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 19 July 2022

Summary

The vulnerability in Oracle FLEXCUBE Universal Banking allows a low-privileged attacker with network access over HTTP to exploit the system, requiring human interaction from an entity other than the attacker. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data and access to all data within Oracle FLEXCUBE Universal Banking. Additionally, it may enable a partial denial of service, impacting the availability of services provided by the application.

Affected Version(s)

FLEXCUBE Universal Banking 12.1-12.4

FLEXCUBE Universal Banking 14.0-14.3

FLEXCUBE Universal Banking 14.5

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021