Security Flaw in Oracle E-Business Suite's iSupport Component
CVE-2020-14686

8.2HIGH

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 15 July 2020

What is CVE-2020-14686?

A vulnerability exists within the iSupport component of Oracle E-Business Suite that permits unauthenticated attackers with network access via HTTP to exploit the tool. Successful exploitation demands human interaction from a third party, yet the ramifications of such an attack can lead to unauthorized access to critical information, offering attackers complete control over the data available through Oracle iSupport. This vulnerability poses significant risks, enabling attackers to perform unauthorized updates, inserts, or deletions on sensitive data accessible through the application.

Affected Version(s)

iSupport 12.1.1-12.1.3

iSupport 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020