OSA-36286008

Vulnerability in the Oracle Insurance Policy Administration Operational Data Store for Life and Annuity product of Oracle Financial Services Applications (component: Logger (Spring Framework)). The supported version that is affected is 1.0.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Insurance Policy Administration Operational Data Store for Life and Annuity. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).