Banking Payments
CVE-2020-2710
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
AnalysisAI
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). Affected products include: Oracle Banking Payments.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Banking Payments
View allinitDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attack
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally lead
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally lead
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop w
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Rated
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. R
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today