File Upload Vulnerability in Oracle Communications Applications
CVE-2020-14630

7.5HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Session Border Controller
Vendor: CVE Published:; 15 July 2020

Summary

A security flaw exists within the Oracle Enterprise Session Border Controller allowing an attacker with high privileges and network access via HTTP to exploit the system. This vulnerability can lead to unauthorized access and manipulation of data, as well as the potential for denial of service, causing the system to crash or hang. Successful exploitation requires interaction from a separate user, underscoring the necessity for vigilance against social engineering threats. The flaw affects multiple supported versions of the product, posing significant risks not only to the affected system but also to associated products.

Affected Version(s)

Enterprise Session Border Controller 8.1.0

Enterprise Session Border Controller 8.2.0

Enterprise Session Border Controller 8.3.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020