Skip to main content

Flexcube Universal Banking CVE-2016-5603

MEDIUM
Information Exposure (CWE-200)
2016-10-25 secalert_us@oracle.com
4.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 25, 2016 - 14:31 cve.org
MEDIUM 4.3

DescriptionCVE.org

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621.

AnalysisAI

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621. Affected products include: Oracle Flexcube Universal Banking. Version information: through 12.0.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-5607 HIGH
8.8 Oct 25

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 1

CVE-2018-2648 HIGH
8.8 Jan 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2016-8297 HIGH
8.1 Jan 27

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2016-5619 HIGH
8.1 Oct 25

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 1

CVE-2019-2754 HIGH
8.1 Jul 23

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2018-3015 HIGH
8.1 Jul 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2018-2649 HIGH
8.1 Jan 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2021-37714 HIGH
7.5 Aug 18

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl

CVE-2021-36090 HIGH
7.5 Jul 13

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally lead

CVE-2021-35517 HIGH
7.5 Jul 13

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally lead

CVE-2021-35516 HIGH
7.5 Jul 13

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads

CVE-2021-35515 HIGH
7.5 Jul 13

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result

Share

CVE-2016-5603 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy