Oracle Banking Liquidity Management Vulnerability
CVE-2024-21285

7.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Banking Liquidity Management
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability in the Oracle Banking Liquidity Management product facilitates remote exploitation by low privileged attackers with network access through HTTP. Exploitation requires interaction from an external user, creating a risk for system integrity and possible unauthorized takeover of the application. Protection strategies should focus on mitigating risks associated with unauthorized access and ensuring robust network security.

Affected Version(s)

Oracle Banking Liquidity Management 14.5.0.12.0

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023

Collectors

NVD DatabaseMitre Database