Vulnerability in Oracle Banking Virtual Account Management by Oracle
CVE-2023-21907

6MEDIUM

Key Information:

Vendor
Oracle
Status
Banking Virtual Account Management
Vendor
CVE Published:
18 April 2023

Summary

A vulnerability exists in Oracle Banking Virtual Account Management, a part of Oracle Financial Services Applications, affecting versions 14.5, 14.6, and 14.7. This vulnerability may be exploited by a privileged attacker with network access to compromise the system. Exploitation necessitates human interaction from a third party, allowing attackers to gain unauthorized access to sensitive data. Attackers could potentially update, insert, or delete critical data and even cause system instability, resulting in denial of service. Robust security measures are highly recommended to safeguard against these risks.

Affected Version(s)

Banking Virtual Account Management 14.5

Banking Virtual Account Management 14.6

Banking Virtual Account Management 14.7

References

https://www.oracle.com/security-alerts/cpuapr2023.html
vendor-advisory

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.