CVE-2020-14684

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Analytical Applications Infrastructure versions 8.0.6 through 8.1.0

Description The issue is related to insufficient access control in the Infrastructure component of Oracle Financial Services Analytical Applications. It allows a remote attacker to gain read, modify, add, or delete access to data using the HTTP protocol. The attack requires some interaction from a person other than the attacker and can result in unauthorized access to some data.

Recommendations For versions 8.0.6 through 8.1.0, consider restricting access to the Infrastructure component until a fix is available. As a temporary workaround, limit the use of HTTP protocol for sensitive data handling in the affected Infrastructure component. Restrict network access via HTTP to the Oracle Financial Services Analytical Applications Infrastructure to minimize the risk of exploitation.