Oracle E-Business Suite Vulnerability Exposes Applications Framework Data
CVE-2020-14590

2.7LOW

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 15 July 2020

What is CVE-2020-14590?

A vulnerability exists in the Oracle Applications Framework component of the Oracle E-Business Suite. It allows an attacker with high privileges and network access via HTTP to potentially exploit the framework, gaining unauthorized read access to certain data within the Oracle Applications Framework. This vulnerability affects multiple versions of the product, namely versions 12.1.3 and 12.2.3 to 12.2.9, thereby posing a significant security concern for organizations relying on these applications.

Affected Version(s)

Applications Framework 12.1.3

Applications Framework 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020