Vulnerability in Oracle Depot Repair of Oracle E-Business Suite
CVE-2020-14682

8.2HIGH

Key Information:

Vendor: Oracle
Status: Depot Repair
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Oracle Depot Repair component of Oracle E-Business Suite, specifically affecting versions 12.1.1 through 12.1.3. This easily exploitable issue allows an unauthenticated attacker with network access via HTTP to potentially compromise Oracle Depot Repair. Exploitation of this vulnerability requires human interaction from a third party, making it more deceptive. The impact can lead to unauthorized access to sensitive data and unauthorized modifications, including updates, inserts, or deletions of accessible data within Oracle Depot Repair. Attackers leveraging this vulnerability may significantly affect associated products, highlighting the necessity for urgent remediation.

Affected Version(s)

Depot Repair 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020