Vulnerability in Oracle Banking Corporate Lending Component of Oracle Financial Services Applications
CVE-2018-2709

5.3MEDIUM

Key Information:

Vendor

Oracle
Status
Banking Corporate Lending
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2709?

The vulnerability affects the Oracle Banking Corporate Lending component within Oracle Financial Services Applications. It involves improper access control that potentially allows low-privileged attackers, who have network access via HTTP, to exploit this flaw. Successful exploitation can lead to unauthorized access to sensitive and critical information, jeopardizing the security of the Oracle Banking Corporate Lending systems. This impacts the confidentiality of the accessible data, requiring immediate attention to mitigate risks associated with potential data breaches. For more details, refer to the Oracle security advisory.

Affected Version(s)

Banking Corporate Lending 12.3.0

Banking Corporate Lending 12.4.0

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102555
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.