Oracle FLEXCUBE Investor Servicing Security Management System Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability exists in the Oracle FLEXCUBE Investor Servicing product within the Security Management System component. Affected versions include 14.5.0.15.0, 14.7.0.8.0, and 14.8.0.1.0. This vulnerability allows low-privileged attackers with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Exploitation of this vulnerability could lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to essential data or complete access to all data available in Oracle FLEXCUBE Investor Servicing.

Impact

Exploitation of this vulnerability could result in unauthorized access to critical data or complete access to all data within Oracle FLEXCUBE Investor Servicing, as well as unauthorized creation, deletion, or modification of critical data or all accessible data in the application.

Added: Jan 20, 2026, 10:40 PM

Updated: Jan 20, 2026, 10:40 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

4.9

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle FLEXCUBE Investor Servicing Security Management System Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

Impact

Affected Products

Oracle FLEXCUBE Investor Servicing

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating