User Interface Flaw in Oracle Financial Services Loan Loss Forecasting Product
CVE-2020-14692

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Financial Services Loan Loss Forecasting And Provisioning
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the User Interface component of Oracle Financial Services Loan Loss Forecasting and Provisioning. This issue allows a low-privileged attacker with network access via HTTP to potentially compromise the application. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data. It threatens the integrity of all accessible data within the affected versions, highlighting the need for immediate attention and remediation.

Affected Version(s)

Financial Services Loan Loss Forecasting and Provisioning 8.0.6-8.0.8

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020