PT-2019-1309 · Oracle · Oracle Flexcube Direct Banking

Published: 2019-01-16 · Updated: 2020-08-24 · CVE-2019-2549

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Oracle FLEXCUBE Direct Banking version 12.0.2

Description

The issue is caused by insufficient access control in the Oracle FLEXCUBE Direct Banking component, specifically in the Logoff Page. A remote attacker can exploit it over HTTP to gain unauthorized access to protected information. A successful attack requires human interaction and can result in unauthorized update, insert, or delete access to some of the application's data, as well as read access to a subset of the data.

Recommendations

For version 12.0.2, consider restricting access to the Logoff Page until a patch is available to prevent unauthorized access. As a temporary workaround, limit the use of the HTTP protocol for sensitive operations to minimize the risk of exploitation.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2019-00580
CVE-2019-2549

Affected Products

Oracle Flexcube Direct Banking