CVE-2024-21285

Name of the Vulnerable Software and Affected Versions Oracle Banking Liquidity Management version 14.5.0.12.0

Description The issue is related to a component called Reports in the Oracle Banking Liquidity Management product. It allows a low-privileged attacker with network access via HTTP to compromise the system, but successful attacks require human interaction from someone other than the attacker. This can result in the takeover of Oracle Banking Liquidity Management. The vulnerability is difficult to exploit and is related to deficiencies in the authorization mechanism.

Recommendations For version 14.5.0.12.0, update to a newer version that contains a fix for this issue, as the current version is affected by the vulnerability in the Reports component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.