Denial of Service Vulnerability in Oracle E-Business Suite's CRM Technical Foundation
CVE-2020-14679

7.5 HIGH

Key Information:

Vendor: Oracle
CVE Published: 15 July 2020

Summary

An unauthenticated attacker with network access via HTTP can exploit a vulnerability in Oracle CRM Technical Foundation to cause a denial of service. The vulnerability allows the attacker to make the system hang or crash frequently, disrupting availability of the service. Affected versions of Oracle CRM Technical Foundation are 12.1.3 and 12.2.3 through 12.2.9. The flaw highlights the importance of securing network access and applying the appropriate patches to limit downtime and operational impact.

Affected Version(s)

CRM Technical Foundation 12.1.3

CRM Technical Foundation 12.2.3-12.2.9

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
