Vulnerability in Oracle Banking Payments Product by Oracle
CVE-2020-2711

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Banking Payments
Vendor: CVE Published:; 15 January 2020

Summary

This vulnerability exists within the Oracle Banking Payments product from Oracle Financial Services Applications, particularly in versions 14.1.0 through 14.3.0. It can be easily exploited by low-privileged attackers with network access via HTTP, enabling them to gain unauthorized access to sensitive data. If successfully exploited, this flaw could allow attackers to compromise critical data or gain comprehensive access to all information stored in Oracle Banking Payments, thereby posing serious risks to data confidentiality.

Affected Version(s)

Banking Payments 14.1.0-14.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019