Main Vulnerability Database Vulnerabilities #VU65470

Improper input validation in Oracle Financial Services Crime and Compliance Management Studio - CVE-2021-38296

Published: July 19, 2022

Vulnerability identifier: #VU65470

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-38296

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Financial Services Crime and Compliance Management Studio

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Studio (Apache Spark) component in Oracle Financial Services Crime and Compliance Management Studio. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

How to mitigate CVE-2021-38296

Install updates from vendor's website.

Sources

https://www.oracle.com/security-alerts/cpujul2022.html

Improper input validation in Oracle Financial Services Crime and Compliance Management Studio - CVE-2021-38296

Detailed vulnerability description

How to mitigate CVE-2021-38296

Sources

Please verify you're human