Unauthenticated Access Vulnerability in Oracle Configurator by Oracle
CVE-2020-14669

8.2HIGH

Key Information:

Vendor: Oracle
Status: Configurator
Vendor: CVE Published:; 15 July 2020

What is CVE-2020-14669?

An unauthenticated access vulnerability exists in the Oracle Configurator component of Oracle Supply Chain, specifically in the UI Servlet. This vulnerability can be exploited by an attacker with network access via HTTP, allowing unauthorized access to sensitive data. Successful exploitation requires human interaction from a victim. The vulnerability can result in complete access to Oracle Configurator data, along with unauthorized capabilities to update, insert, or delete data. The potential impact goes beyond Oracle Configurator, potentially affecting other interconnected products.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Configurator 12.1

Configurator 12.2

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020

JSON

Oracle