PT-2026-3720 · Oracle · Oracle Flexcube Investor Servicing
Kritnarong Samertung
·
Published
2026-01-20
·
Updated
2026-02-02
·
CVE-2026-21973
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle FLEXCUBE Investor Servicing versions 14.5.0.15.0 through 14.8.0.1.0
Description
A security issue exists within the Security Management System component of the Oracle FLEXCUBE Investor Servicing product. A low-privileged attacker with network access via HTTP can compromise the system. Successful exploitation may lead to unauthorized data modification, deletion, or creation, potentially granting access to critical or all accessible data.
Recommendations
Update Oracle FLEXCUBE Investor Servicing version 14.5.0.15.0 to a later version.
Update Oracle FLEXCUBE Investor Servicing version 14.7.0.8.0 to a later version.
Update Oracle FLEXCUBE Investor Servicing version 14.8.0.1.0 to a later version.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Flexcube Investor Servicing