CVE-2022-21475

Name of the Vulnerable Software and Affected Versions Oracle Banking Payments versions 14.5

Description The issue is related to incorrect permission assignment for a critical resource in the Infrastructure component of Oracle Banking Payments. This can be exploited by a remote attacker to create, delete, or modify access to critical data, gain read access to data, or cause a partial denial of service using specially crafted HTTP requests. The attack requires human interaction from someone other than the attacker and can result in unauthorized access to or modification of critical data, as well as partial denial of service.

Recommendations For version 14.5, update the software to a version that includes the fix for this issue, as the current version allows attackers with low privileges and network access via HTTP to compromise Oracle Banking Payments. At the moment, there is no information about a newer version that contains a fix for this vulnerability.