Unauthenticated Access Vulnerability in Oracle E-Business Suite CRM User Management Framework
CVE-2020-14688

8.2HIGH

Key Information:

Vendor: Oracle
Status: Common Applications
Vendor: CVE Published:; 15 July 2020

What is CVE-2020-14688?

The vulnerability in the Oracle E-Business Suite's CRM User Management Framework allows unauthenticated attackers with network access via HTTP to potentially compromise the affected systems. Exploitation of this vulnerability requires human interaction from a victim, enabling unauthorized access to sensitive data. Attackers could manipulate and access critical data, with implications extending beyond the Oracle Common Applications to other products. This situation presents significant risks, including unauthorized data updates, inserts, and deletions.

Affected Version(s)

Common Applications 12.1.3

Common Applications 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020