CVE-2020-2941

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Funds Transfer Pricing versions 8.0.6 through 8.0.7

Description The issue is related to a lack of protection for service data in the User Interface component of Oracle Financial Services Funds Transfer Pricing, part of Oracle Financial Services Applications. This can be exploited by a remote attacker to create, delete, or modify access rights to protected information or to gain read access to data using HTTP requests. The vulnerability can be exploited via HTTP, allowing an attacker with low privileges and network access to compromise the system, resulting in unauthorized access to critical data.

Recommendations For versions 8.0.6 and 8.0.7, consider restricting access to the User Interface component until a fix is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation. Avoid using the vulnerable User Interface component for sensitive operations until the issue is resolved.