CVE-2022-21584

Name of the Vulnerable Software and Affected Versions Oracle Banking Trade Finance version 14.5

Description The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a remote attacker to read, modify, add, or delete data via the HTTP protocol. The vulnerability is difficult to exploit and requires human interaction from a person other than the attacker, allowing a low-privileged attacker with network access to compromise Oracle Banking Trade Finance. Successful attacks can result in unauthorized access to critical data or all accessible data.

Recommendations For version 14.5, update to a version that includes a fix for this issue to prevent unauthorized access and modification of data. As a temporary workaround, consider restricting access to the Infrastructure component until a patch is available.