CVE-2020-2685

Name of the Vulnerable Software and Affected Versions Oracle FLEXCUBE Universal Banking versions 12.0.1 through 12.4.0 Oracle FLEXCUBE Universal Banking versions 14.0.0 through 14.3.0

Description The issue is related to a lack of protection for service data in the Oracle FLEXCUBE Universal Banking product. This can be exploited by a remote attacker to gain read access to data or to modify, add, or delete data using HTTP requests. The attack requires some interaction from a person other than the attacker and can result in unauthorized access to some of the product's data.

Recommendations For versions 12.0.1 through 12.4.0, update to a version outside of this range to mitigate the risk. For versions 14.0.0 through 14.3.0, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Infrastructure component until a patch is available. Restrict access to HTTP requests to minimize the risk of exploitation.