Vulnerability in Oracle E-Business Intelligence - Oracle Corporation
CVE-2020-14668

8.2HIGH

Key Information:

Vendor: Oracle
Status: E-business Intelligence
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in Oracle E-Business Intelligence, allowing unauthenticated attackers with HTTP access to compromise the system. Successful exploitation can lead to unauthorized access to sensitive data, as well as manipulation capabilities, including the ability to add, modify, or delete information. This vulnerability necessitates human interaction from a third party, elevating its risk in environments that rely on user engagement. The implications could extend beyond the affected product, posing potential risks to integrated systems.

Affected Version(s)

E-Business Intelligence 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020