Oracle Financial Services Applications Access Control Flaw in Payments Core
CVE-2018-2704

8.1HIGH

Key Information:

Vendor

Oracle
Status
Banking Payments
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2704?

An access control vulnerability exists within the Oracle Banking Payments component of Oracle Financial Services Applications, specifically in the Payments Core subcomponent. This flaw affects versions 12.3.0 and 12.4.0, enabling low-privileged attackers with network access via HTTP to exploit Oracle Banking Payments. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as facilitate denial-of-service attacks causing system hangs or crashes. The vulnerability poses significant risks to the integrity and availability of Oracle Banking Payments systems.

Affected Version(s)

Banking Payments 12.3.0

Banking Payments 12.4.0

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102568
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.