漏洞标题
N/A
漏洞描述信息
Oracle金融服务应用程序中的Oracle银行虚拟账户管理产品(组件:OBVAM Trn Journal Domain)的漏洞。受影响的支持版本是14.5、14.6和14.7。难以利用的漏洞允许通过HTTP网络访问的高特权攻击者 compromising Oracle银行虚拟账户管理。成功攻击需要攻击者之外的人 human interaction。这个漏洞的成功攻击可能导致未经授权访问关键数据或完全访问所有Oracle银行虚拟账户管理可访问的数据,以及未经授权更新、插入或删除某些Oracle银行虚拟账户管理可访问的数据,以及导致Oracle银行虚拟账户管理 hang或频繁重复崩溃(完全DOS)的能力。CVSS 3.1基础得分为6.0(安全性、完整性和可用性影响)。CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H)
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Virtual Account Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Virtual Account Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Virtual Account Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Virtual Account Management. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H).
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:H
漏洞类别
N/A
漏洞标题
Oracle Financial Services Applications 安全漏洞
漏洞描述信息
Oracle Financial Services Applications是美国甲骨文(Oracle)公司的一套金融服务软件。该产品包括核心银行、网上银行和财产管理等。 Oracle Financial Services Applications 14.5、14.6 和 14.7 版本的 OBVAM Trn Journal Domain 组件存在安全漏洞。通过 HTTP 进行网络访问的高权限攻击者通过该漏洞可以破坏 Oracle Banking Virtual Account Management。
CVSS信息
N/A
漏洞类别
其他