PT-2021-2942 · Oracle · Oracle Flexcube Direct Banking

Waleed Ezz Eldin · Published 2021-04-22 · Updated 2021-04-23 · CVE-2021-2141

CVSS v2.0: 2.1 (Low)

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle FLEXCUBE Direct Banking versions 12.0.2 through 12.0.3

Description

The issue exists due to insufficient input validation in the Pre Login component of Oracle FLEXCUBE Direct Banking. This allows a remote attacker to modify data or gain privileged access via network packets. The exploitation is difficult and requires human interaction from someone other than the attacker, resulting in potential unauthorized access to update, insert, or delete some accessible data.

Recommendations

For versions 12.0.2 and 12.0.3, consider restricting network access via Oracle Net to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit privileged access to the Pre Login component to reduce the potential impact of the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-02515
CVE-2021-2141

Affected Products

Oracle Flexcube Direct Banking