OSVDB ID: 81413

Title: Oracle FLEXCUBE Direct Banking Virtual Banking Component Unspecified Remote Information Disclosure

Info

Disclosure

Apr 18, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Apr 18, 2012

Description

Oracle FLEXCUBE Direct Banking contains a flaw related to the Virtual Banking component that may lead to an unauthorized information disclosure. The issue may allow an authenticated remote attack to potentially gain access to sensitive information.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability. Check the vendor advisory in the references section.

Products

Oracle Corporation	FLEXCUBE Direct Banking	5.0.2
		5.3.0
		5.3.1
		5.3.2
		5.3.3
		5.3.4
		6.0.1
		6.2.0

References

Security Tracker: 1026953
CVE ID: 2012-1676 (see also: NVD)
Secunia Advisory ID: 48886
Related OSVDB ID: 81410 81411 81412 81414 81415 81416 81417
Vendor Specific Advisory URL: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html#AppendixIFLX
http://www.oracle.com/technetwork/topics/security/cpuapr2012verbose-366316.html#Oracle%20Financial%20Services%20Software
Vendor Specific News/Changelog Entry: https://blogs.oracle.com/security/entry/april_2012_critical_patch_update

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/81413

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Oracle Corporation

FLEXCUBE Direct Banking

References

Credit