CVE-2024-21188

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Revenue Management and Billing versions 6.0.0.0.0 through 6.1.0.0.0

Description The issue is related to insufficient input validation in the Chatbot component of Oracle Financial Services Revenue Management and Billing. This can be exploited by a remote attacker to gain unauthorized access to read, add, modify, or delete data using the HTTP protocol. Successful attacks require human interaction and can significantly impact additional products. The exploitation can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of the data.

Recommendations For versions 6.0.0.0.0 and 6.1.0.0.0, consider restricting access to the Chatbot component until a patch is available. As a temporary workaround, avoid using the HTTP protocol for sensitive operations in the affected versions until the issue is resolved. Restrict network access to the Oracle Financial Services Revenue Management and Billing system to minimize the risk of exploitation.