CVE-2024-21284

Name of the Vulnerable Software and Affected Versions Oracle Banking Liquidity Management version 14.5.0.12.0

Description The issue is related to a component called Reports in the Oracle Banking Liquidity Management product. It allows a low-privileged attacker with network access via HTTP to compromise the system, but successful attacks require human interaction from someone other than the attacker. This can result in the takeover of Oracle Banking Liquidity Management. The vulnerability is difficult to exploit and is related to deficiencies in the authorization mechanism.

Recommendations For version 14.5.0.12.0, update to a version that includes a fix for this issue, as the current version is vulnerable to takeover. At the moment, there is no information about a newer version that contains a fix for this vulnerability.