Vulnerability in SSL API of Oracle Fusion Middleware
CVE-2020-14655

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Security Service
Vendor: CVE Published:; 15 July 2020

Summary

The vulnerability in the Oracle Security Service component of Oracle Fusion Middleware's SSL API allows an unauthenticated attacker with network access via HTTPS to potentially compromise sensitive data. A successful exploitation can lead to unauthorized access, enabling attackers to read, update, insert, or delete accessible data within Oracle Security Service, posing significant risks to data confidentiality and integrity.

Affected Version(s)

Security Service 11.1.1.9.0

Security Service 12.2.1.3.0

Security Service 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020