Unauthenticated Access Vulnerability in Oracle E-Business Suite's Trade Management
CVE-2020-14665
9.1 CRITICAL
Summary
A critical vulnerability exists in the Invoice component of Oracle Trade Management within the Oracle E-Business Suite. An unauthenticated attacker with network access can exploit this vulnerability via HTTP, leading to potential unauthorized creation, deletion, or manipulation of critical data. Successful exploitation gives attackers complete unauthorized access to the data managed within Oracle Trade Management systems, posing significant risks to data integrity and confidentiality. Organizations using the affected versions should prioritize applying security updates to mitigate potential exploitation.
Affected Version(s)
Trade Management 12.1.1-12.1.3
Trade Management 12.2.3-12.2.9
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved