Vulnerability in Oracle Financial Services Analytical Applications Infrastructure
CVE-2023-21901

7.4HIGH

Key Information:

Vendor: Oracle
Status: Financial Services Analytical Applications Infrastructure
Vendor: CVE Published:; 16 January 2024

Summary

A vulnerability exists within the Oracle Financial Services Analytical Applications Infrastructure that can be exploited by low-privileged attackers with network access via HTTP. This weakness may allow unauthorized actions such as updates, inserts, or deletions to data that the Infrastructure has access to. Additionally, it poses a risk of unauthorized read access to certain data and potentially leads to a partial denial of service situation. While specifically affecting the Infrastructure component, the implications of these attacks may extend to other associated products, thereby increasing the overall impact on an organization's operational capabilities.

Affected Version(s)

Financial Services Analytical Applications Infrastructure 8.0.7

Financial Services Analytical Applications Infrastructure 8.0.8

Financial Services Analytical Applications Infrastructure 8.0.9

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 17, 2022