Main Vulnerability Database Vulnerabilities #VU1058

Information disclosure in Oracle Financial Services Software and Oracle FLEXCUBE Universal Banking - CVE-2016-5594

Published: October 24, 2016 / Updated: January 5, 2017

Vulnerability identifier: #VU1058

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-5594

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Financial Services Software
Oracle FLEXCUBE Universal Banking

Detailed vulnerability description

The vulnerability allows a remote authenticated user to access data on the target system.
The weakness is caused by a flaw in the Oracle FLEXCUBE Universal Banking INFRA component and lets attacker obtain arbitrary files.
Successful exploitation of the vulnerability results in disclosure of information on the vulnerable system.

How to mitigate CVE-2016-5594

Sources

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixIFLX

Information disclosure in Oracle Financial Services Software and Oracle FLEXCUBE Universal Banking - CVE-2016-5594

Detailed vulnerability description

How to mitigate CVE-2016-5594

Sources

Please verify you're human