Unauthenticated Access Vulnerability in Oracle Enterprise Communications Broker
CVE-2020-14563

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Enterprise Communications Broker
Vendor: CVE Published:; 15 July 2020

Summary

The Oracle Enterprise Communications Broker is impacted by a vulnerability that enables unauthenticated network access via HTTP. This flaw allows potential attackers to selectively read, modify, or delete data stored within the system. Successful exploitation requires human interaction, enabling the attacker to gain unauthorized access, leading to potential data breaches and significant operational disruptions. This vulnerability poses severe risks not just to the Oracle Enterprise Communications Broker but can also affect other interlinked products.

Affected Version(s)

Enterprise Communications Broker 3.0.0-3.2.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020