CVE-2021-2141

Description


Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.1 Base Score 2.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N).

CvssV3 impact


Version

3.1

VectorString

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

AttackVector

NETWORK

AttackComplexity

HIGH

PrivilegesRequired

HIGH

UserInteraction

REQUIRED

Scope

UNCHANGED

ConfidentialityImpact

NONE

IntegrityImpact

LOW

AvailabilityImpact

NONE

BaseScore

2

BaseSeverity

LOW

CvssV2 impact


AccessComplexity

HIGH

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

2.1

VectorString

AV:N/AC:H/Au:S/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE