CVE-2021-2141

Description

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).

Related CPE's

aoracleflexcube_direct_banking12.0.2*******
vulnerable
aoracleflexcube_direct_banking12.0.3*******
vulnerable

References

https://www.oracle.com/security-alerts/cpuapr2021.html

PatchVendor Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

AttackVector

NETWORK

AttackComplexity

HIGH

PrivilegesRequired

HIGH

UserInteraction

REQUIRED

Scope

UNCHANGED

ConfidentialityImpact

NONE

IntegrityImpact

LOW

AvailabilityImpact

NONE

BaseScore

2

BaseSeverity

LOW

CvssV2 impact

AccessComplexity

HIGH

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

2.1

VectorString

AV:N/AC:H/Au:S/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE