CVE-2019-2793

2019-07-2322:31:46

oracle

www.cve.org

3.5 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).

CNA Affected

[
  {
    "product": "FLEXCUBE Universal Banking",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "12.0.1-12.0.3"
      },
      {
        "status": "affected",
        "version": "12.1.0-12.4.0"
      },
      {
        "status": "affected",
        "version": "14.0.0-14.2.0"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html