Skip to main content

Flexcube Universal Banking CVE-2016-8297

HIGH
Improper Access Control (CWE-284)
2017-01-27 secalert_us@oracle.com
8.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 27, 2017 - 22:59 cve.org
HIGH 8.1

DescriptionCVE.org

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts).

AnalysisAI

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). Affected products include: Oracle Flexcube Universal Banking.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-5607 HIGH
8.8 Oct 25

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 1

CVE-2018-2648 HIGH
8.8 Jan 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2016-5619 HIGH
8.1 Oct 25

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 1

CVE-2019-2754 HIGH
8.1 Jul 23

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2018-3015 HIGH
8.1 Jul 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2018-2649 HIGH
8.1 Jan 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2021-37714 HIGH
7.5 Aug 18

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl

CVE-2021-36090 HIGH
7.5 Jul 13

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally lead

CVE-2021-35517 HIGH
7.5 Jul 13

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally lead

CVE-2021-35516 HIGH
7.5 Jul 13

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads

CVE-2021-35515 HIGH
7.5 Jul 13

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result

CVE-2016-8310 HIGH
7.3 Jan 27

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

Share

CVE-2016-8297 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy