Unauthorized Access Vulnerability in Oracle Banking Corporate Lending by Oracle
CVE-2020-2717

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Banking Corporate Lending
Vendor: CVE Published:; 15 January 2020

Summary

An unauthenticated access vulnerability exists in the Oracle Banking Corporate Lending product that can be exploited by remote attackers with network access. This vulnerability enables malicious individuals to perform unauthorized read, insert, update, or delete operations on accessible data. The attack requires human interaction from a third party, highlighting the need for a vigilant approach to cybersecurity measures within the affected versions.

Affected Version(s)

Banking Corporate Lending 12.3.0-12.4.0

Banking Corporate Lending 14.0.0-14.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019