CVE-2021-2113

Name of the Vulnerable Software and Affected Versions: Oracle Financial Services Revenue Management and Billing versions 2.9.0.0 through 2.9.0.1

Description: The issue is related to inadequate access control in the On Demand Billing component, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data.

Recommendations: For versions 2.9.0.0 and 2.9.0.1, consider restricting access to the On Demand Billing component to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.