Description
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2021.html
Scores
CVSS v3
5.9
EPSS
0.0146
EPSS Percentile
81.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (3)
oracle/flexcube_universal_banking
12.3.0
oracle/flexcube_universal_banking
12.4.0
oracle/flexcube_universal_banking
14.0.0 - 14.4.0
Published
Jul 21, 2021
Tracked Since
Feb 18, 2026