CVE-2019-3019

Name of the Vulnerable Software and Affected Versions Oracle Banking Digital Experience versions 18.1 through 19.1

Description The issue is related to inadequate access control in the Loan Calculator component of Oracle Banking Digital Experience, part of Oracle Financial Services Applications. This can be exploited by a remote attacker to gain unauthorized access to modify, add, or delete data using HTTP protocols. The attack requires some interaction from a person other than the attacker and can significantly impact additional products beyond Oracle Banking Digital Experience. Successful exploitation can result in unauthorized access to update, insert, or delete some accessible data, as well as unauthorized read access to a subset of the data.

Recommendations For versions 18.1 through 19.1, consider restricting access to the Loan Calculator component until a fix is available. As a temporary workaround, limit the use of HTTP protocols for sensitive operations. Additionally, review and enforce strict access controls to minimize the risk of exploitation.