Executive Summary

This vulnerability exists in the Oracle Financial Services Analytical Applications Infrastructure product, specifically in the User Interface component. It affects supported versions 8.0.7.9, 8.0.8.7, and 8.1.2.5. The vulnerability is easily exploitable by a low privileged attacker who has logon access to the infrastructure where the application runs.

Successful exploitation requires human interaction from someone other than the attacker. If exploited, it can lead to unauthorized access to critical data or complete access to all data accessible by the application. Additionally, it can allow unauthorized updates, inserts, or deletions of some data, and can cause the application to hang or crash repeatedly, resulting in a denial of service.

Useful 0 Not Useful 0

Impact Analysis

The impact of this vulnerability includes unauthorized access to critical or all accessible data within the Oracle Financial Services Analytical Applications Infrastructure. This means sensitive information could be exposed or manipulated by an attacker.

It also allows unauthorized modification of data, including updates, inserts, or deletions, which could compromise data integrity.

Furthermore, the vulnerability can cause the application to hang or crash repeatedly, leading to a complete denial of service, which affects availability.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows unauthorized access to critical data and unauthorized modification of data within the Oracle Financial Services Analytical Applications Infrastructure. Such unauthorized access and data manipulation can lead to violations of data protection requirements under common standards and regulations like GDPR and HIPAA, which mandate the protection of sensitive data and the prevention of unauthorized access.

Additionally, the potential for denial of service (DoS) could impact availability requirements stipulated by these regulations.

Useful 0 Not Useful 0