Oracle Flexcube Investor Servicing 12.0.2 Banking Remote Code Execution Vulnerability

Summary

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Investor Servicing Core component to gain partial access to data.

Credit:

The original article can be found at: http://www.securitytracker.com/id/1037636
The information has been provided by Dawid Golunski.


Details

Vulnerable Systems:
 * Oracle Flexcube Investor Servicing 12.0.1
 * Oracle Flexcube Investor Servicing 12.0.2
 * Oracle Flexcube Investor Servicing 12.0.4
 * Oracle Flexcube Investor Servicing 12.1.0
 * Oracle Flexcube Investor Servicing 12.3.0

A vulnerability exists in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). The supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. The vulnerability is easily exploitable and allows a low-privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks can result in unauthorized read access to a subset of the data accessible to Oracle FLEXCUBE Investor Servicing. CVSS v3.0 Base Score: 4.3 (Confidentiality impacts).

CVE Information:
CVE-2016-8309

Disclosure Timeline:
Publish Date : 2017-01-27
Last Update Date : 2017-02-10
