CVE-2020-2940

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Profitability Management versions 8.0.6 through 8.0.7

Description The issue is related to a lack of protection for service data in the User Interface component of Oracle Financial Services Profitability Management, part of Oracle Financial Services Applications. This can be exploited by a remote attacker to create, delete, or modify access rights to protected information, or to gain read access to data using HTTP requests. Successful attacks can result in unauthorized access to critical data or all accessible data, as well as unauthorized read access to a subset of accessible data.

Recommendations For versions 8.0.6 and 8.0.7, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.