Main Vulnerability Database Vulnerabilities #VU1057

Information disclosure in Oracle Financial Services Software and Oracle FLEXCUBE Universal Banking - CVE-2016-5490

Published: October 24, 2016 / Updated: January 5, 2017

Vulnerability identifier: #VU1057

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-5490

CWE-ID: CWE-399

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Financial Services Software
Oracle FLEXCUBE Universal Banking

Detailed vulnerability description

The vulnerability allows a local user to access data on the target system.
The weakness is caused by a flaw in the Oracle FLEXCUBE Universal Banking INFRA component and lets attacker obtain arbitrary files.
Successful exploitation of the vulnerability results in disclosure of information on the vulnerable system.

How to mitigate CVE-2016-5490

Sources

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixIFLX
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Information disclosure in Oracle Financial Services Software and Oracle FLEXCUBE Universal Banking - CVE-2016-5490

Detailed vulnerability description

How to mitigate CVE-2016-5490

Sources

Please verify you're human