Uncontrolled Access Vulnerability in Oracle Advanced Outbound Telephony Product by Oracle
CVE-2020-14670

8.2HIGH

Key Information:

Vendor: Oracle
Status: Advanced Outbound Telephony
Vendor: CVE Published:; 15 July 2020

Summary

An access control vulnerability exists in Oracle Advanced Outbound Telephony, a component of Oracle E-Business Suite, impacting versions 12.1.1 through 12.1.3 and 12.2.3 through 12.2.9. This weakness allows unauthenticated attackers with network access through HTTP to compromise the system, necessitating interaction from an unsuspecting user for successful exploitation. Consequently, this vulnerability may lead to unauthorized access to sensitive data and the potential for unauthorized operations such as insertions, deletions, or updates to data stored in Oracle Advanced Outbound Telephony. The overall impact could extend to other components of Oracle E-Business Suite.

Affected Version(s)

Advanced Outbound Telephony 12.1.1-12.1.3

Advanced Outbound Telephony 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020