Multiple vulnerabilities in Oracle Financial Services Applications
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 34 |
| CVE-ID | CVE-2018-2592 CVE-2018-2614 CVE-2018-2626 CVE-2018-2630 CVE-2018-2648 CVE-2018-2649 CVE-2018-2660 CVE-2018-2661 CVE-2018-2670 CVE-2018-2674 CVE-2018-2679 CVE-2018-2682 CVE-2018-2692 CVE-2018-2704 CVE-2018-2705 CVE-2018-2706 CVE-2018-2707 CVE-2018-2708 CVE-2018-2709 CVE-2018-2712 CVE-2018-2714 CVE-2018-2716 CVE-2018-2719 CVE-2018-2720 CVE-2018-2721 CVE-2018-2722 CVE-2018-2723 CVE-2018-2724 CVE-2018-2725 CVE-2018-2726 CVE-2018-2727 CVE-2018-2728 CVE-2018-2729 CVE-2018-2732 |
| CWE-ID | CWE-264 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Oracle Financial Services Software Server applications / Other server solutions |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 34 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU10041
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2592
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Balance Sheet Planning User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU10067
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2614
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw in the Oracle FLEXCUBE Universal Banking Infrastructure component. A remote attacker can access important data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 11.3.0 - 12.4.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:11.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security restrictions bypass
EUVDB-ID: #VU10054
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2626
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Balance Sheet Planning User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU10064
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2630
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle FLEXCUBE Universal Banking Security Management System component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 11.5.0 - 11.7.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:11.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:11.7.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Privilege escalation
EUVDB-ID: #VU10037
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2648
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the Oracle FLEXCUBE Universal Banking Infrastructure component. A remote attacker can gain administrative privileges.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 11.3.0 - 12.4.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:11.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Denial of service
EUVDB-ID: #VU10050
Risk: Low
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2649
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to a flaw in the Oracle FLEXCUBE Universal Banking Infrastructure component. A remote attacker can modify data and cause denial of service conditions.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 11.3.0 - 12.4.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:11.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security restrictions bypass
EUVDB-ID: #VU10051
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:U/U:Green]
CVE-ID: CVE-2018-2660
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Analytical Applications Infrastructure Core component. A remote attacker can partially access data, partially modify data, and partially deny service.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 7.3.5.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:7.3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:7.3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:7.3.5.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security restrictions bypass
EUVDB-ID: #VU10052
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2661
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Analytical Applications Infrastructure Core component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 7.3.5.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:7.3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:7.3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:7.3.5.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Security restrictions bypass
EUVDB-ID: #VU10062
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2670
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Profitability Management User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 6.1 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Security restrictions bypass
EUVDB-ID: #VU10063
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2674
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle FLEXCUBE Direct Banking Logoff component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 12.0.2 - 12.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:12.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.0.3:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Security restrictions bypass
EUVDB-ID: #VU10049
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2679
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Profitability Management User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 6.1 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Security restrictions bypass
EUVDB-ID: #VU10057
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2682
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Liquidity Risk Management User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Security restrictions bypass
EUVDB-ID: #VU10053
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2692
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Asset Liability Management User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 6.1 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Denial of service
EUVDB-ID: #VU10039
Risk: Low
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2704
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to a flaw in the Oracle Banking Payments Payments Core component. A remote attacker can modify data and cause denial of service conditions.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 12.3.0 - 12.4.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.4.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Privilege escalation
EUVDB-ID: #VU10036
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2705
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the Oracle Banking Payments Payments Core component. A remote attacker can gain administrative privileges.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 12.3.0 - 12.4.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.4.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Privilege escalation
EUVDB-ID: #VU10035
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2706
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The weakness exists due to a flaw in the Oracle Banking Corporate Lending Core module component. A remote attacker can gain administrative privileges.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 12.3.0 - 12.4.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.4.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Denial of service
EUVDB-ID: #VU10038
Risk: Low
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2707
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to a flaw in the Oracle Banking Corporate Lending Core module component. A remote attacker can modify data and cause denial of service conditions.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 12.3.0 - 12.4.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:12.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.4.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information disclosure
EUVDB-ID: #VU10066
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2708
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw in the Oracle Banking Payments Payments Core component. A remote attacker can access important data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 12.2.0 - 12.3.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:12.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.3.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information disclosure
EUVDB-ID: #VU10065
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2709
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw in the Oracle Banking Corporate Lending Core module component. A remote attacker can access important data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 12.2.0 - 12.3.0
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:12.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:12.3.0:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Security restrictions bypass
EUVDB-ID: #VU10058
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2712
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Loan Loss Forecasting and Provisioning User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Security restrictions bypass
EUVDB-ID: #VU10059
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2714
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Market Risk User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Security restrictions bypass
EUVDB-ID: #VU10060
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2716
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Market Risk Measurement and Management User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.5
CPE2.3 External linkshttps://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Security restrictions bypass
EUVDB-ID: #VU10056
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2719
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Hedge Management and IFRS Valuations User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Security restrictions bypass
EUVDB-ID: #VU10044
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2720
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Liquidity Risk Management User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Security restrictions bypass
EUVDB-ID: #VU10048
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2721
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Price Creation and Discovery User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.5
CPE2.3 External linkshttps://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Security restrictions bypass
EUVDB-ID: #VU10061
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2722
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Price Creation and Discovery User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.5
CPE2.3 External linkshttps://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Security restrictions bypass
EUVDB-ID: #VU10040
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2723
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Asset Liability Management User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 6.1 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Security restrictions bypass
EUVDB-ID: #VU10045
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2724
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Loan Loss Forecasting and Provisioning User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Security restrictions bypass
EUVDB-ID: #VU10043
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2725
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Hedge Management and IFRS Valuations User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Security restrictions bypass
EUVDB-ID: #VU10046
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2726
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Market Risk User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Security restrictions bypass
EUVDB-ID: #VU10047
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2727
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Market Risk Measurement and Management User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.5
CPE2.3 External linkshttps://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Security restrictions bypass
EUVDB-ID: #VU10068
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2728
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Funds Transfer Pricing User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 6.1 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Security restrictions bypass
EUVDB-ID: #VU10042
Risk: Low
CVSSv4.0: 6.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-2729
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Funds Transfer Pricing User Interface component. A remote attacker can access and modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 6.1 - 8.0.3
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Security restrictions bypass
EUVDB-ID: #VU10069
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-2732
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to a flaw in the Oracle Financial Services Analytical Applications Reconciliation Framework User Interface component. A remote attacker can partially access and partially modify data.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Software: 8.0.0 - 8.0.5
CPE2.3- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_financial_services_software:8.0.2:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
