Unauthenticated Access Vulnerability in Oracle WebCenter Portal from Oracle
CVE-2020-14611

8.6HIGH

Key Information:

Vendor: Oracle
Status: Webcenter Portal
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability in Oracle WebCenter Portal allows an unauthenticated attacker with network access via HTTP to manipulate critical data within the system. This flaw can lead to unauthorized creation, deletion, or modification of data, as well as unauthorized reading of sensitive information. Additionally, attackers can potentially cause a partial denial of service, affecting the availability of Oracle WebCenter Portal for legitimate users. It is essential for organizations using affected versions to apply security updates to mitigate these risks.

Affected Version(s)

WebCenter Portal 12.2.1.3.0

WebCenter Portal 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020