Unauthorized Access Vulnerability in Oracle E-Business Intelligence by Oracle
CVE-2020-14681

8.2HIGH

Key Information:

Vendor: Oracle
Status: E-business Intelligence
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Oracle E-Business Intelligence component of Oracle E-Business Suite, allowing an unauthenticated attacker with HTTP network access to exploit the system. Successful exploitation of this flaw can lead to unauthorized access to critical data, enabling attackers to update, insert, or delete information within the database. The vulnerability affects versions 12.1.1 through 12.1.3 of Oracle E-Business Intelligence, where an unsuspecting user is necessitated for the attack to succeed, thereby raising serious security concerns for organizations relying on this software.

Affected Version(s)

E-Business Intelligence 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020