Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-8302

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).

Published

2017-01-27T22:59:01.037

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application oracle flexcube_universal_banking 11.3.0 Yes
Application oracle flexcube_universal_banking 11.4.0 Yes
Application oracle flexcube_universal_banking 12.0.1 Yes
Application oracle flexcube_universal_banking 12.0.2 Yes
Application oracle flexcube_universal_banking 12.0.3 Yes
Application oracle flexcube_universal_banking 12.1.0 Yes
Application oracle flexcube_universal_banking 12.2.0 Yes
References