CVE-2024-21281HTTP Request Smuggling in Corporation Oracle Banking Liquidity Management

CWE-444HTTP Request Smuggling5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 57.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Oracle Banking Liquidity ManagementOracle Banking Liquidity Management
Timeline
PublishedOct 15

Description

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, d

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:LExploitability: 0.5 | Impact: 4.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-qq87-cr9r-6pj4: Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure)2024-10-15
CVEList
CVE-2024-21281: Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure)2024-10-15

📋Vendor Advisories

2
Red Hat
Oracle Financial Services Applications: From CVEorg collector2024-10-15
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Infrastructure — CVE-2024-212812024-10-15
CVE-2024-21281 — HTTP Request Smuggling | cvebase