SecurityTracker.com
Category:   Application (Generic)  >   Oracle Financial Services Applications
Vendors:   Oracle
Oracle Financial Services Applications Multiple Flaws Let Remote and Local Users Access Data, Remote Users Modify Data, and Remote Authenticated Users Deny Service
SecurityTracker Alert ID:  1038934
SecurityTracker URL:  http://securitytracker.com/id/1038934
CVE Reference:   CVE-2017-10005, CVE-2017-10006, CVE-2017-10007, CVE-2017-10009, CVE-2017-10010, CVE-2017-10011, CVE-2017-10012, CVE-2017-10022, CVE-2017-10023, CVE-2017-10071, CVE-2017-10072, CVE-2017-10073, CVE-2017-10083, CVE-2017-10084, CVE-2017-10085, CVE-2017-10098, CVE-2017-10103, CVE-2017-10181
Date:  Jul 18 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Oracle Financial Services Applications. A remote user can access and modify data on the target system. A remote authenticated user can cause denial of service conditions on the target system. A local user can access data on the target system.

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Infrastructure component to access and partially modify data [CVE-2017-10085].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Direct Banking Forgot Password component to partially access data, partially modify data, and deny service [CVE-2017-10181].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking Miscellaneous component to modify data [CVE-2017-10006].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking Miscellaneous component to access data [CVE-2017-10103].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking Operations component to access data [CVE-2017-10023].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Report Generator component to access data [CVE-2017-10084].

A remote user can exploit a flaw in the Oracle FLEXCUBE Private Banking Miscellaneous component to partially access and partially modify data [CVE-2017-10005].

A remote user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Infrastructure component to partially access and partially modify data [CVE-2017-10083].

A local user can exploit a flaw in the Oracle FLEXCUBE Private Banking Miscellaneous component to access data [CVE-2017-10011].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking Operations component to partially access and partially modify data [CVE-2017-10012].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Universal Banking All Modules component to partially access and partially modify data [CVE-2017-10072].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Universal Banking Infrastructure component to partially access and partially modify data [CVE-2017-10073, CVE-2017-10098].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking FileUploads component to partially access and partially modify data [CVE-2017-10010].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking Miscellaneous component to partially modify data [CVE-2017-10009].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking Miscellaneous component to partially access data [CVE-2017-10007].

A remote authenticated user can exploit a flaw in the Oracle FLEXCUBE Private Banking Operations component to partially access data [CVE-2017-10022].

A remote user can exploit a flaw in the Oracle FLEXCUBE Universal Banking All Modules component to partially modify data [CVE-2017-10071].

Ubais PK of EY Global Delivery Services and Hassan El Hadary - Secure Misr reported two of these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote authenticated user can cause denial of service conditions on the target system.

A local user can obtain data on the target system.

Solution:   The vendor has issued a fix as part of the July 2017 Oracle Critical Patch Update.

The vendor advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Cause:   Not specified

Message History:   None.

