User Registration Vulnerability in Oracle E-Business Suite iStore
CVE-2020-14582

8.2HIGH

Key Information:

Vendor: Oracle
Status: Istore
Vendor: CVE Published:; 15 July 2020

Summary

An unauthenticated vulnerability exists in the user registration feature of Oracle iStore within the Oracle E-Business Suite. This flaw allows external attackers with network access to exploit the vulnerability if human interaction is involved. Although primarily affecting Oracle iStore, the potential repercussions extend to other components within the suite. Successful exploitation could lead to unauthorized access to sensitive data and the ability to perform unauthorized actions, including updates, inserts, or deletions of data managed by iStore. Users of affected versions are recommended to apply patches and take mitigation measures to safeguard their data.

Affected Version(s)

iStore 12.1.1-12.1.3

iStore 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020