Oracle Financial Services Revenue Management 2.7.0.0 Unrestricted Upload of File with Dangerous Type Vulnerability

Summary

A vulnerability exists in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. This easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing.

Credit:

The information has been provided by Afanti.

The original article can be found at: https://www.oracle.com/security-alerts/cpujan2020.html


Details

Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of the data accessible to Oracle Financial Services Revenue Management and Billing, as well as unauthorized read access to a subset of that data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts).


Vulnerable Systems:

Oracle Financial Services Revenue Management 2.7.0.0

Oracle Financial Services Revenue Management 2.7.0.1 

Oracle Financial Services Revenue Management 2.8.0.0 


CVE Information:

CVE-2020-2730


Disclosure Timeline:
Published Date: 1/15/2020
