Skip to main content

Banking Corporate Lending CVE-2020-14894

MEDIUM
2020-10-21 secalert_us@oracle.com
6.5
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (oracle) · only source for this CVE.

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 21, 2020 - 15:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

AnalysisAI

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Affected products include: Oracle Banking Corporate Lending.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-3778 MEDIUM POC
6.5 Mar 07

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0

CVE-2018-2706 HIGH
8.8 Jan 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-3050 HIGH
8.1 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2707 HIGH
8.1 Jan 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2020-2718 HIGH
7.1 Jan 15

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2018-2746 HIGH
7.1 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2020-2716 MEDIUM
6.5 Jan 15

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2018-3040 MEDIUM
6.5 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2747 MEDIUM
6.5 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-3036 MEDIUM
6.3 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2895 MEDIUM
6.1 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2748 MEDIUM
6.1 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

Share

CVE-2020-14894 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy