Vulnerability in Oracle Financial Services Funds Transfer Pricing User Interface
CVE-2018-2728

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Financial Services Funds Transfer Pricing
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability exists in the Oracle Financial Services Funds Transfer Pricing component, which may allow an unauthenticated attacker with network access via HTTP to compromise the system. Specifically, this issue allows unauthorized updates, inserts, or deletions of accessible data. Due to the nature of the vulnerability, successful exploitation requires human interaction from a user other than the attacker. While the primary focus is on the Funds Transfer Pricing component, the repercussions of an attack can significantly impact other Oracle Financial Services products.

Affected Version(s)

Financial Services Funds Transfer Pricing 6.1.x

Financial Services Funds Transfer Pricing 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102650
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.