Unauthorized Data Access Vulnerability in Oracle Banking Trade Finance by Oracle
CVE-2023-22121

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Banking Trade Finance
Vendor: CVE Published:; 17 October 2023

Summary

This vulnerability in Oracle Banking Trade Finance allows an unauthenticated attacker with network access to exploit certain functionalities of the application. The exploit requires human interaction from a person other than the attacker, leading to potential unauthorized updates, inserts, or deletions of data, as well as unauthorized reading of accessible data sets. Affected versions are 14.5, 14.6, and 14.7. The nature of this vulnerability poses risks to both the confidentiality and integrity of sensitive financial data.

Affected Version(s)

Banking Trade Finance 14.5 <= 14.7

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022