CVE-2020-2730

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Revenue Management and Billing versions 2.7.0.0 through 2.8.0.0

Description The issue is related to the unlimited upload of dangerous file types in the File Upload component. This can be exploited by a remote attacker to impact data integrity or disclose protected information via the HTTP protocol. The vulnerability can be easily exploited and requires human interaction from someone other than the attacker. Successful attacks can result in unauthorized access to update, insert, or delete data, as well as unauthorized read access to a subset of the data.

Recommendations For versions 2.7.0.0, 2.7.0.1, and 2.8.0.0, consider disabling the File Upload component until a patch is available to prevent exploitation. Restrict access to the File Upload feature to minimize the risk of unauthorized data access. Avoid using the HTTP protocol for sensitive operations until the issue is resolved.