CVE-2022-21582

Name of the Vulnerable Software and Affected Versions Oracle Banking Trade Finance version 14.5

Description The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a remote attacker to create, delete, or modify access to critical data, read data, or cause a partial denial of service via the HTTP protocol. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to critical data or all accessible data.

Recommendations For version 14.5, consider restricting access to the Infrastructure component until a patch is available, and ensure that all interactions with the component are thoroughly validated to prevent unauthorized access or modifications. As a temporary workaround, limit the use of HTTP protocol interactions with the vulnerable component to minimize the risk of exploitation.