CVE-2022-21586

Name of the Vulnerable Software and Affected Versions Oracle Banking Trade Finance version 14.5

Description The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a remote attacker to access, modify, add, or delete data via the HTTP protocol. Successful attacks require human interaction and can result in unauthorized access to critical data or all accessible data.

Recommendations For version 14.5, consider restricting access to the Infrastructure component until a patch is available, and ensure that all interactions with the component are thoroughly validated to prevent unauthorized data access. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.