CVE-2021-2141: Oracle FLEXCUBE Direct Banking Pre Login Component Vulnerability


Description

A vulnerability exists in the Pre Login component of Oracle FLEXCUBE Direct Banking. Supported versions that are affected are 12.0.2 and 12.0.3. The vulnerability is difficult to exploit: it allows a high-privileged attacker with network access via Oracle Net to compromise Oracle FLEXCUBE Direct Banking, and a successful attack requires human interaction from a person other than the attacker. Successful exploitation can result in unauthorized update, insert or delete access to some of the data accessible through Oracle FLEXCUBE Direct Banking; confidentiality and availability are not affected.

Overview

CVE-2021-2141 affects Oracle FLEXCUBE Direct Banking, the customer-facing online banking product of the Oracle Financial Services Applications suite. The flaw is in the Pre Login component (the part of the application reachable before a user authenticates) of versions 12.0.2 and 12.0.3. It is a difficult-to-exploit vulnerability: the attacker must already hold high privileges, and a second person must perform some action for the attack to succeed. The CVSS 3.1 Base Score is 2.0 (Low), derived from a vector with high attack complexity, high privileges required, user interaction required, unchanged scope, and a low integrity impact with no confidentiality or availability impact. If exploited, the attacker could update, insert, or delete some of the data accessible through Oracle FLEXCUBE Direct Banking, compromising the integrity of banking information.

Remediation

Organizations running affected versions of Oracle FLEXCUBE Direct Banking should:

  1. Apply the fix for this issue from the Oracle Critical Patch Update of April 2021, which is the release in which Oracle addressed it
  2. Where patching in place is not possible, upgrade to a version of Oracle FLEXCUBE Direct Banking that contains the fix
  3. Restrict network access to the Oracle Net interface with network access controls, so that only the hosts that need it can reach it; the vulnerability is only reachable over the network (AV:N)
  4. Enforce strong authentication and authorization for privileged accounts, since exploitation requires high privileges (PR:H); review who holds such privileges and remove any that are not needed
  5. Train users to recognise social-engineering attempts, because a successful attack needs an action from a person other than the attacker (UI:R)
  6. Monitor application and audit logs for unexpected updates, inserts or deletes made through privileged accounts, since integrity is the only impact of this vulnerability

References

  1. Oracle Critical Patch Update Advisory - April 2021: https://www.oracle.com/security-alerts/cpuapr2021.html
  2. CVSS 3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
  3. Oracle Financial Services Applications Security Documentation

Industry Exposure (most to least)

This section ranks industries by how often this CVE has been observed in customer reports, from most to least affected, so that organizations in those sectors can compare their exposure with their peers and prioritise patching and remediation accordingly. Note that the list as captured below is in alphabetical order.

  1. Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry, Fishing & Hunting
  4. Arts, Entertainment & Recreation
  5. Construction
  6. Educational Services
  7. Finance and Insurance
  8. Health Care & Social Assistance
  9. Information
  10. Management of Companies & Enterprises
  11. Manufacturing
  12. Mining
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Public Administration
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade


Armis Vulnerability Intelligence Database