CVE-2020-14897

4 documents4 sources
Severity
6.5MEDIUM
EPSS
1.7%
top 17.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Flexcube Direct BankingOracle Flexcube Direct Banking
Timeline
PublishedOct 21
Latest updateMay 24

Description

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.1, 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to crit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDoracle/flexcube_direct_banking12.0.1, 12.0.2, 12.0.3+2
CVEListV5oracle_corporation/flexcube_direct_banking12.0.1, 12.0.2, 12.0.3+2

🔴Vulnerability Details

2
GHSA
GHSA-f4rm-f9w6-m7wm: Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login)2022-05-24
CVEList
CVE-2020-14897: Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login)2020-10-21

📋Vendor Advisories

1
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Pre Login — CVE-2020-148972020-10-15