File Upload Vulnerability in Oracle E-Business Suite by Oracle
CVE-2020-14610

7.6HIGH

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Oracle Applications Framework component of Oracle E-Business Suite, specifically related to file uploading mechanisms. This issue allows an authenticated low-privileged attacker with network access to exploit the vulnerability via HTTP. Successful exploitation necessitates human interaction from a third party, but can lead to unauthorized access to critical data and the ability to manipulate information within the Oracle Applications Framework. The implications of this vulnerability can extend beyond the framework itself, potentially affecting other connected applications, leading to security breaches and data integrity issues.

Affected Version(s)

Applications Framework 12.2.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020