Skip to main content

Flexcube Universal Banking CVE-2016-8305

LOW
Information Exposure (CWE-200)
2017-01-27 secalert_us@oracle.com
2.1
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 27, 2017 - 22:59 cve.org
LOW 2.1

DescriptionCVE.org

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 2.1 (Confidentiality impacts).

AnalysisAI

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 2.1 (Confidentiality impacts). Affected products include: Oracle Flexcube Universal Banking.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-5607 HIGH
8.8 Oct 25

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 1

CVE-2018-2648 HIGH
8.8 Jan 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2016-8297 HIGH
8.1 Jan 27

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2016-5619 HIGH
8.1 Oct 25

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 1

CVE-2019-2754 HIGH
8.1 Jul 23

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2018-3015 HIGH
8.1 Jul 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2018-2649 HIGH
8.1 Jan 18

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent

CVE-2021-37714 HIGH
7.5 Aug 18

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitabl

CVE-2021-36090 HIGH
7.5 Jul 13

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally lead

CVE-2021-35517 HIGH
7.5 Jul 13

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally lead

CVE-2021-35516 HIGH
7.5 Jul 13

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads

CVE-2021-35515 HIGH
7.5 Jul 13

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result

Share

CVE-2016-8305 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy