CVE-2017-3297 : Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financia

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts).

Published 2017-01-27 22:59:04

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Vulnerability category: Bypass

Products affected by CVE-2017-3297

Oracle » Flexcube Direct Banking » Version: 12.0.3
cpe:2.3:a:oracle:flexcube_direct_banking:12.0.3:*:*:*:*:*:*:*
Matching versions
Oracle » Flexcube Direct Banking » Version: 12.0.2
cpe:2.3:a:oracle:flexcube_direct_banking:12.0.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-3297

EPSS FAQ

0.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-3297

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N	1.6	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2017-3297

http://www.securityfocus.com/bid/95603

Oracle FLEXCUBE Direct Banking CVE-2017-3297 Remote Security Vulnerability
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

Oracle Critical Patch Update - January 2017
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1037636

Oracle Financial Services Applications Multiple Flaws Let Remote and Local Users Access and Modify Data and Let Remote Users Deny Service - SecurityTracker

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-3297

Products affected by CVE-2017-3297

Exploit prediction scoring system (EPSS) score for CVE-2017-3297

CVSS scores for CVE-2017-3297

References for CVE-2017-3297