Oracle Banking Liquidity Management Vulnerability Allows Low Privileged Attackers to Compromise System
CVE-2024-21284

7.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Banking Liquidity Management
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-21284?

A vulnerability exists in Oracle Banking Liquidity Management, specifically in the Reports component. This security flaw has the potential to be exploited by a low-privileged attacker who has network access via HTTP. Notably, this exploitation requires human interaction from a person other than the attacker, which adds a layer of complexity to the attack. If successfully exploited, this vulnerability could allow unauthorized access leading to a potential takeover of the Oracle Banking Liquidity Management system. Users and administrators of affected versions should be aware of this risk and take appropriate measures to secure their applications.

Affected Version(s)

Oracle Banking Liquidity Management 14.5.0.12.0

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023