CVE-2016-5607
high
CVSS v3
8.8
CVSS v2
6.5
VIR risk
8.8
Description
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to INFRA.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert_us@oracle.com — http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | flexcube_universal_banking | 11.3.0 | |
| oracle | flexcube_universal_banking | 11.4.0 | |
| oracle | flexcube_universal_banking | 12.0.1 | |
| oracle | flexcube_universal_banking | 12.0.2 | |
| oracle | flexcube_universal_banking | 12.0.3 | |
| oracle | flexcube_universal_banking | 12.1.0 | |
| oracle | flexcube_universal_banking | 12.2.0 | |
References
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/93651
- http://www.securitytracker.com/id/1037049
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.securityfocus.com/bid/93651
- http://www.securitytracker.com/id/1037049
CWEs
CWE-284
Verify integrity in audit chain (admin only). AS-IS.