Vulnerability in Oracle FLEXCUBE Universal Banking by Oracle
CVE-2023-22118

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Flexcube Universal Banking
Vendor: CVE Published:; 17 October 2023

Summary

A flaw in Oracle FLEXCUBE Universal Banking allows low-privileged attackers to exploit the system with network access via HTTP. The vulnerability necessitates human interaction for successful exploitation, which could lead to unauthorized modification or deletion of data. Additionally, it presents risks such as unauthorized read access to sensitive data and the potential for causing a partial denial of service. The effects may extend beyond FLEXCUBE, impacting other related products.

Affected Version(s)

FLEXCUBE Universal Banking 12.3

FLEXCUBE Universal Banking 12.4

FLEXCUBE Universal Banking 14.0 <= 14.3

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022