Vulnerability in Oracle Banking Payments by Oracle Financial Services Applications
CVE-2022-21475

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Banking Payments
Vendor: CVE Published:; 19 April 2022

Summary

A security vulnerability in Oracle Banking Payments allows low-privileged attackers with HTTP network access to manipulate critical data. Exploiting this flaw requires human interaction from an individual other than the attacker. This vulnerability permits unauthorized creation, deletion, or modification of sensitive data within Oracle Banking Payments, as well as unauthorized read access to some data. Additionally, it may lead to a partial denial of service, impacting the functionality of the application. Organizations using the affected version should take immediate measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Banking Payments 14.5

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021