Unauthorized Access Vulnerability in Oracle Commerce Platform by Oracle
CVE-2020-14533
3.5 LOW
Summary
A vulnerability exists in the Dynamo Application Framework component of Oracle Commerce Platform that potentially allows a high-privileged attacker with network access via HTTP to exploit the platform. A successful attack requires human interaction from a third party and can lead to unauthorized update, insertion, or deletion of accessible data. It can also give access to confidential data, putting both integrity and confidentiality at risk. The affected supported versions are 11.1, 11.2, and those prior to 11.3.1.
Affected Version(s)
Commerce Platform 11.1
Commerce Platform 11.2
Commerce Platform < 11.3.1
CVSS V3.1
Score: 3.5
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved