Vulnerability in Oracle Banking Trade Finance by Oracle
CVE-2023-22122

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Banking Trade Finance
Vendor: CVE Published:; 17 October 2023

Summary

A vulnerability exists in Oracle Banking Trade Finance that allows a low-privileged attacker with network access via HTTP to potentially compromise the system. Exploiting this vulnerability may require human interaction from a user other than the attacker. Successful exploitation can lead to unauthorized access to sensitive data, as well as the capability to perform unauthorized updates, inserts, or deletions of accessible data within the Oracle Banking Trade Finance system. Moreover, the vulnerability could trigger a partial denial of service, impacting the application's availability.

Affected Version(s)

Banking Trade Finance 14.5 <= 14.7

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022