Oracle Banking Trade Finance Vulnerability in Oracle Financial Services Applications
CVE-2023-22123

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Banking Trade Finance
Vendor: CVE Published:; 17 October 2023

Summary

A vulnerability exists in the Oracle Banking Trade Finance component of Oracle Financial Services Applications, allowing low-privileged attackers with network access via HTTP to compromise the system. Successful exploitation requires human interaction from another person, which significantly broadens the potential impact beyond the affected product. This vulnerability could enable unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized read access to certain sensitive information. The issue notably affects versions 14.5 through 14.7, requiring prompt attention to mitigate potential data integrity and confidentiality risks.

Affected Version(s)

Banking Trade Finance 14.5 <= 14.7

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022