Banking Payments
CVE-2020-14896
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (oracle) · only source for this CVE.
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
AnalysisAI
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Affected products include: Oracle Banking Payments.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Banking Payments
View allinitDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attack
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally lead
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally lead
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop w
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Rated
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. R
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today