CVE-2019-2840

4 documents4 sources
Severity
5.7MEDIUM
EPSS
0.3%
top 43.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Flexcube Universal BankingOracle Corporation Flexcube Universal Banking
Timeline
PublishedJul 23
Latest updateMay 24

Description

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can r

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

NVDoracle/flexcube_universal_banking12.0.112.0.3+2
CVEListV5oracle_corporation/flexcube_universal_banking12.0.1-12.0.3, 12.1.0-12.4.0, 14.0.0-14.2.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-v6rj-2w5j-2hhv: Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure)2022-05-24
CVEList
CVE-2019-2840: Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure)2019-07-23

💥Exploits & PoCs

1
Exploit-DB
OpenSource ERP 6.3.1. - SQL Injection2019-01-10
CVE-2019-2840 (MEDIUM CVSS 5.7) | Vulnerability in the Oracle FLEXCUB | cvebase.io