User Interface Vulnerability in Oracle Financial Services Applications
CVE-2018-2692

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Financial Services Asset Liability Management
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability exists in the Oracle Financial Services Asset Liability Management's user interface, which allows unauthenticated attackers with network access via HTTP to exploit the system. This vulnerability can lead to unauthorized access to sensitive data and operations, including the possibility of performing updates, inserts, or deletions without proper authorization. While attacks require human interaction from an individual other than the attacker, the implications could extend to other products within the Oracle Financial Services ecosystem, potentially leading to significant implications for data integrity and confidentiality.

Affected Version(s)

Financial Services Asset Liability Management 6.1.x

Financial Services Asset Liability Management 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102621
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.