User Interface Vulnerability in Oracle Insurance Accounting Analyzer by Oracle
CVE-2020-14693

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Insurance Accounting Analyzer
Vendor: CVE Published:; 15 July 2020

Summary

This vulnerability in the Oracle Insurance Accounting Analyzer, part of Oracle Financial Services Applications, stems from the User Interface component. It is particularly dangerous as it permits a low-privileged attacker with network access via HTTP to gain unauthorized access. Attackers can exploit this flaw to perform critical actions, such as unauthorized creation, deletion, or modification of sensitive data, affecting all accessible data within the Oracle Insurance Accounting Analyzer. This poses significant risks to data integrity.

Affected Version(s)

Insurance Accounting Analyzer 8.0.6-8.0.9

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020