PT-2024-1170 · Oracle · Oracle Financial Services Analytical Applications Infrastructure
Khanh Nguyen
·
Published
2024-01-16
·
Updated
2024-01-23
·
CVE-2023-21901
CVSS v3.1
7.4
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7 through 8.1.2
Description
The issue is related to insufficient input validation in the Infrastructure component of Oracle Financial Services Analytical Applications Infrastructure. This allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data and the ability to cause a partial denial of service. The vulnerability may significantly impact additional products.
Recommendations
For versions 8.0.7 through 8.1.2, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Financial Services Analytical Applications Infrastructure