Summaryinfo

A vulnerability, which was classified as critical, has been found in Oracle Banking Supply Chain Finance 14.7.0.2.0/14.7.1.0.0. This affects an unknown part of the component Security. Performing a manipulation results in denial of service. This vulnerability was named CVE-2023-20861. The attack may be initiated remotely. There is no available exploit.

Detailsinfo

A vulnerability was found in Oracle Banking Supply Chain Finance 14.7.0.2.0/14.7.1.0.0 (Supply Chain Management Software). It has been classified as critical. This affects an unknown functionality of the component Security. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability.

The weakness was presented 07/18/2023 as Oracle Critical Patch Update Advisory - July 2023 as confirmed advisory (Website). The advisory is shared at oracle.com. This vulnerability is uniquely identified as CVE-2023-20861. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1499 for this issue.

A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-0877). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Supply Chain Management Software

Vendor

• Oracle

Name

• Banking Supply Chain Finance

Version

• 14.7.0.2.0
• 14.7.1.0.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion