Unauthorized Data Access Vulnerability in Oracle E-Business Suite Logging Component
CVE-2020-14635

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Application Object Library
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Logging component of Oracle's Application Object Library within the Oracle E-Business Suite. This flaw allows unauthenticated attackers with network access via HTTP to gain unauthorized read access to select data in the Oracle Application Object Library. The impacted versions include 12.2.5 to 12.2.9, and the vulnerability can be easily exploited, posing a significant security risk to sensitive information within the application.

Affected Version(s)

Application Object Library 12.2.5-12.2.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020