Vulnerability in Oracle FLEXCUBE Universal Banking from Oracle Financial Services Applications
CVE-2023-22117

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 17 October 2023

Summary

A vulnerability in Oracle FLEXCUBE Universal Banking allows low-privileged attackers with network access via HTTP to exploit the system, requiring human interaction for successful execution. This security flaw can lead to unauthorized updates, inserts, or deletions of accessible data, along with unauthorized read access to certain data. The impact of successful exploitation may extend beyond FLEXCUBE, affecting additional products, making it crucial for users to address this vulnerability promptly.

Affected Version(s)

FLEXCUBE Universal Banking 12.3

FLEXCUBE Universal Banking 12.4

FLEXCUBE Universal Banking 14.0 <= 14.3

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022