Vulnerability in Oracle Financial Services Revenue Management and Billing Product by Oracle
CVE-2022-21580

5.9 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 19 July 2022

Summary

A vulnerability exists in the Oracle Financial Services Revenue Management and Billing product that allows a low-privileged attacker with network access via HTTP to compromise critical features of the system. The vulnerability is difficult to exploit and requires human interaction from a person other than the attacker. Successful exploitation may result in unauthorized access to sensitive data, as well as the ability to modify or delete data within the application. It may also allow the attacker to partially disrupt service, with business impact for organizations using Oracle Financial Services Revenue Management and Billing.

Affected Version(s)

Financial Services Revenue Management and Billing 2.9.0.0.0

Financial Services Revenue Management and Billing 2.9.0.1.0

Financial Services Revenue Management and Billing 3.0.0.0.0-3.2.0.0.0

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
