Oracle · Oracle Banking Virtual Account Management · CVE-2023-21907
**Name of the Vulnerable Software and Affected Versions**
Oracle Banking Virtual Account Management versions 14.5 through 14.7
**Description**
The issue is related to insufficient input validation in the OBVAM Trn Journal Domain component. It allows a high-privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management, resulting in unauthorized access to critical data, complete access to all accessible data, and unauthorized update, insert, or delete access to some accessible data. Successful attacks require human interaction from a person other than the attacker and can also cause a hang or frequently repeatable crash of Oracle Banking Virtual Account Management.
**Recommendations**
For versions 14.5 through 14.7, consider restricting access to the OBVAM Trn Journal Domain component to minimize the risk of exploitation until a patch is available.
As a temporary workaround, ensure that all inputs to the Oracle Banking Virtual Account Management are thoroughly validated to prevent potential attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.