Main Vulnerability Database Vulnerabilities #VU65470

#VU65470 Improper input validation in Oracle Financial Services Crime and Compliance Management Studio - CVE-2021-38296

Published: July 19, 2022

Vulnerability identifier: #VU65470

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-38296

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Oracle Financial Services Crime and Compliance Management Studio

Software vendor:
Oracle

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Studio (Apache Spark) component in Oracle Financial Services Crime and Compliance Management Studio. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.oracle.com/security-alerts/cpujul2022.html

#VU65470 Improper input validation in Oracle Financial Services Crime and Compliance Management Studio - CVE-2021-38296

Description

Remediation

External links

Please verify you're human