Unauthorized Access Vulnerability in Oracle Banking Corporate Lending by Oracle
CVE-2020-2716

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Banking Corporate Lending
Vendor: CVE Published:; 15 January 2020

Summary

A vulnerability exists in the Oracle Banking Corporate Lending product that allows a low privileged attacker with network access via HTTP to gain unauthorized access to sensitive data. This vulnerability impacts multiple versions of the product and could lead to a situation where critical data becomes accessible, threatening the integrity and security of banking operations.

Affected Version(s)

Banking Corporate Lending 12.3.0-12.4.0

Banking Corporate Lending 14.0.0-14.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019