CNNVD-202601-3150 Information
CNNVD ID
CNNVD-202601-3150
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
Oracle Financial Services Applications是美国甲骨文(Oracle)公司的一套金融服务软件。该产品包括核心银行、网上银行和财产管理等。FLEXCUBE Investor Servicing是其中的一个实时的、在线覆盖零售、团体、投资银行业务的综合性解决方案组件。 Oracle Financial Services Applications的Oracle FLEXCUBE Investor Servicing 14.5.0.15.0版本、14.7.0.8.0版本和14.8.0.1.0版本存在安全漏洞,该漏洞源于低权限攻击者可通过HTTP网络访问进行攻击,可能导致未经授权的数据创建、删除、修改和访问。
Description (English)
Oracle Financial Services Applications is a financial services software package for Oracle. The product includes core banking, online banking and property management. FLEXUBE Investment Services is an integrated, real-time, online solution component covering retail, group, investment banking. The Oracle FLEXCUBE Investment Service 14.5.15.0, 14.7.0.8.0 and 14.8.0.0.0 have security gaps, which stem from the fact that low-authority attackers can attack through the HTTP network, which may lead to unauthorized data creation, deletion, modification and access.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
甲骨文
Published
2026-01-20
Last Modified
2026-02-24
References
https://access.redhat.com/security/cve/cve-2026-21973 https://www.oracle.com/security-alerts/cpujan2026.html
Patch
https://www.oracle.com/security-alerts/cpujan2026.html
Share on: