What is the severity of CVE-2017-10098?

CVE-2017-10098 is considered an easily exploitable vulnerability allowing low privilege users to perform unauthorized actions.

How do I fix CVE-2017-10098?

To fix CVE-2017-10098, apply the latest patches provided by Oracle for affected versions of Oracle FLEXCUBE Universal Banking.

Which versions of Oracle FLEXCUBE are affected by CVE-2017-10098?

CVE-2017-10098 affects Oracle FLEXCUBE Universal Banking versions 11.3.0, 11.4.0, 12.0.1 to 12.3.0.

Can CVE-2017-10098 be exploited remotely?

Yes, CVE-2017-10098 can be exploited remotely by low privilege users to gain unauthorized access.

What is the nature of the vulnerability in CVE-2017-10098?

CVE-2017-10098 allows attackers to exploit weaknesses in the Oracle FLEXCUBE Universal Banking infrastructure.

Vulnerability/
CVE-2017-10098

medium

5.5

CWE

269

8/8/2017

4/10/2024

CVE-2017-10098

First published: Tue Aug 08 2017(Updated: )

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle FLEXCUBE Universal Banking	=11.3.0
Oracle FLEXCUBE Universal Banking	=11.4.0
Oracle FLEXCUBE Universal Banking	=12.0.1
Oracle FLEXCUBE Universal Banking	=12.0.2
Oracle FLEXCUBE Universal Banking	=12.0.3
Oracle FLEXCUBE Universal Banking	=12.1.0
Oracle FLEXCUBE Universal Banking	=12.2.0
Oracle FLEXCUBE Universal Banking	=12.3.0

Remedy

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-10098?
CVE-2017-10098 is considered an easily exploitable vulnerability allowing low privilege users to perform unauthorized actions.
How do I fix CVE-2017-10098?
To fix CVE-2017-10098, apply the latest patches provided by Oracle for affected versions of Oracle FLEXCUBE Universal Banking.
Which versions of Oracle FLEXCUBE are affected by CVE-2017-10098?
CVE-2017-10098 affects Oracle FLEXCUBE Universal Banking versions 11.3.0, 11.4.0, 12.0.1 to 12.3.0.
Can CVE-2017-10098 be exploited remotely?
Yes, CVE-2017-10098 can be exploited remotely by low privilege users to gain unauthorized access.
What is the nature of the vulnerability in CVE-2017-10098?
CVE-2017-10098 allows attackers to exploit weaknesses in the Oracle FLEXCUBE Universal Banking infrastructure.

collector/nvd-index
agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/references
agent/severity
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/oracle
canonical/oracle flexcube universal banking
version/oracle flexcube universal banking/11.3.0
version/oracle flexcube universal banking/11.4.0
version/oracle flexcube universal banking/12.0.1
version/oracle flexcube universal banking/12.0.2
version/oracle flexcube universal banking/12.0.3
version/oracle flexcube universal banking/12.1.0
version/oracle flexcube universal banking/12.2.0
version/oracle flexcube universal banking/12.3.0