SB2025012477 - Multiple vulnerabilities in Oracle Financial Services Compliance Studio

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025012477

SB2025012477 - Multiple vulnerabilities in Oracle Financial Services Compliance Studio

Published: January 24, 2025 Updated: January 31, 2025

Security Bulletin ID SB2025012477
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 10% Medium 70% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2024-38827)

The vulnerability allows a remote attacker to bypass authorization.

The vulnerability exists due to presence of Locale dependent exceptions when using String.toLowerCase() and String.toUpperCase() for string comparison. A remote attacker can bypass authorization rules using specially crafted input.

Note, the vulnerability is related to #VU98795 (CVE-2024-38820).


2) Stack-based buffer overflow (CVE-ID: CVE-2023-51074)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the Criteria.parse() method. A remote unauthenticated attacker can trigger stack-based buffer overflow and perform a denial of service attack.


3) Cross-site scripting (CVE-ID: CVE-2024-34064)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the "xmlattr" filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


4) Security features bypass (CVE-ID: CVE-2024-35195)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the session object does not verify requests after making first request with verify=False. A local administrator can bypass authentication.


5) Inadequate encryption strength (CVE-ID: CVE-2023-48795)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.

The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.


6) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-44483)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files when using the JSR 105 API. A remote user can obtain a private key when generating an XML Signature with debug level enabled.


7) Buffer overflow (CVE-ID: CVE-2024-28219)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in "_imagingcms.c". A remote user can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Path traversal (CVE-ID: CVE-2024-38819)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in applications that serve static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


9) Improper input validation (CVE-ID: CVE-2022-34169)

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists due to an integer truncation issue when processing malicious XSLT stylesheets. A remote non-authenticated attacker can pass specially crafted data to the application to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.


10) Improper input validation (CVE-ID: CVE-2023-26031)

The vulnerability allows a remote authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Installer (Apache Hadoop) component in Oracle Financial Services Model Management and Governance. A remote authenticated user can exploit this vulnerability to execute arbitrary code.


Remediation

Install update from vendor's website.

References