SB20190716103 - Multiple vulnerabilities in Oracle Banking Payments

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2019-2783)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the File Transmission component in Oracle Payments. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

2) Improper input validation (CVE-ID: CVE-2019-2773)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the File Transmission component in Oracle Payments. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

3) Improper input validation (CVE-ID: CVE-2019-2782)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the File Transmission component in Oracle Payments. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

4) Improper input validation (CVE-ID: CVE-2019-2775)

The vulnerability allows a remote non-authenticated attacker to damange or delete data.

The vulnerability exists due to improper input validation within the File Transmission component in Oracle Payments. A remote non-authenticated attacker can exploit this vulnerability to damange or delete data.

Remediation

Install update from vendor's website.

References

• https://www.oracle.com/security-alerts/cpujul2019.html?504386