Unauthenticated Access Vulnerability in Oracle Configurator by Oracle
CVE-2020-14669

8.2HIGH

Key Information:

Vendor: Oracle
Status: Configurator
Vendor: CVE Published:; 15 July 2020

Summary

An unauthenticated access vulnerability exists in the Oracle Configurator component of Oracle Supply Chain, specifically in the UI Servlet. This vulnerability can be exploited by an attacker with network access via HTTP, allowing unauthorized access to sensitive data. Successful exploitation requires human interaction from a victim. The vulnerability can result in complete access to Oracle Configurator data, along with unauthorized capabilities to update, insert, or delete data. The potential impact goes beyond Oracle Configurator, potentially affecting other interconnected products.

Affected Version(s)

Configurator 12.1

Configurator 12.2

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020