Multiple vulnerabilities in Oracle Financial Services Model Management and Governance
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2023-26049 CVE-2022-36033 CVE-2023-20862 CVE-2023-20863 CVE-2021-37533 CVE-2022-48285 CVE-2023-1370 CVE-2023-34981 CVE-2023-24998 CVE-2023-20873 CVE-2022-1471 CVE-2023-22946 |
| CWE-ID | CWE-20 CWE-79 CWE-254 CWE-345 CWE-22 CWE-674 CWE-200 CWE-770 CWE-502 CWE-269 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #11 is available. |
| Vulnerable software Subscribe |
Oracle Financial Services Model Management and Governance Server applications / Other server solutions |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU75217
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-26049
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient input validation when parsing cookies. A remote attacker can send a specially crafted HTTP request with a cookie value that starts with a double quote and force the application to read the cookie string until it sees a closing quote. Such behavior can be used to exfiltrate sensitive values from other cookies.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU66756
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36033
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of HTML code within the jsoup cleaner, including javascript: URL expressions when the non-default SafeList.preserveRelativeLinks option is enabled. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security features bypass
EUVDB-ID: #VU75408
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20862
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the logout support does not properly clean the security context if using serialized versions. A remote attacker can save an empty security context to the HttpSessionSecurityContextRepository and keep users authenticated even after they performed logout.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU75409
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20863
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use a specially crafted SpEL expression and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Insufficient verification of data authenticity
EUVDB-ID: #VU70441
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37533
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows an attacker to redirect victim to a malicious host.
The vulnerability exists due to the application trusts the host from PASV response by default. A remote attacker can trick the victim into connecting to an attacker controlled FTP server and then redirect the application to another host.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Path traversal
EUVDB-ID: #VU73970
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48285
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to insufficient sanitization of user-supplied in the loadAsync() method. A remote attacker can pass a specially crafted ZIP archive to the application and overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Uncontrolled Recursion
EUVDB-ID: #VU75044
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1370
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU77622
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34981
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to HTTP headers are not set in a response. A remote attacker can send a specially crafted HTTP request and gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU72427
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24998
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Security features bypass
EUVDB-ID: #VU75407
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20873
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to security features bypass. A remote attacker can cause security bypass on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Deserialization of Untrusted Data
EUVDB-ID: #VU70385
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2022-1471
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
12) Improper Privilege Management
EUVDB-ID: #VU78721
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22946
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management. A local user can send specially crafted configuration-related classes on the classpath and exploit this vulnerability to execute arbitrary code with the privileges of the submitting user.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Financial Services Model Management and Governance: 8.1.2.3 - 8.1.2.4
External linkshttp://www.oracle.com/security-alerts/cpuoct2023.html?948044
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
