CVE-2020-2943

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Liquidity Risk Measurement and Management versions 8.0.7 through 8.0.8

Description The issue is related to a lack of protection for service data in the User Interface component of Oracle Financial Services Liquidity Risk Measurement and Management. This can be exploited by a remote attacker to create, delete, or modify access rights to protected information or to gain read access to data using HTTP requests. The vulnerability can result in unauthorized access to critical data, including creation, deletion, or modification of access rights, as well as unauthorized read access to a subset of accessible data.

Recommendations For versions 8.0.7 and 8.0.8, consider restricting access to the User Interface component until a patch is available. As a temporary workaround, avoid using HTTP requests to access sensitive data in the affected versions. Restrict network access to the Oracle Financial Services Liquidity Risk Measurement and Management product to minimize the risk of exploitation.