SB2025102291 - Multiple vulnerabilities in Oracle Financial Services Revenue Management and Billing

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025102291

SB2025102291 - Multiple vulnerabilities in Oracle Financial Services Revenue Management and Billing

Published: October 22, 2025

Security Bulletin ID SB2025102291
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2025-50074)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Security Management System component in Oracle Financial Services Revenue Management and Billing. A remote privileged user can exploit this vulnerability to gain access to sensitive information.


2) Improper input validation (CVE-ID: CVE-2025-50075)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Security Management System component in Oracle Financial Services Revenue Management and Billing. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.


Remediation

Install update from vendor's website.

References