CVE-2017-3473

MEDIUM

Oracle FLEXCUBE <12.0.1 - Info Disclosure

Title source: llm

Description

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

References (3)

Scores

CVSS v3 4.3
EPSS 0.0025
EPSS Percentile 47.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

Status published

Affected Products (8)

oracle/flexcube_private_banking
oracle/flexcube_private_banking
oracle/flexcube_private_banking
oracle/flexcube_private_banking
Oracle Corporation/FLEXCUBE Private Banking < 2.0.0
Oracle Corporation/FLEXCUBE Private Banking < 2.0.1
Oracle Corporation/FLEXCUBE Private Banking < 2.2.0.1
Oracle Corporation/FLEXCUBE Private Banking < 12.0.1

Timeline

Published Apr 24, 2017
Tracked Since Feb 18, 2026