WebGUI Vulnerability in Oracle Enterprise Communications Broker
CVE-2020-14721

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Enterprise Communications Broker
Vendor: CVE Published:; 15 July 2020

Summary

The WebGUI of Oracle Enterprise Communications Broker has a vulnerability that enables a low privileged attacker with network access via HTTP to exploit the system. This exploitation can lead to unauthorized updates, adds, or deletions of accessible data. Moreover, attackers can read a subset of this data without permission, and can also induce a partial denial of service, impacting the availability of the product. Affected versions include 3.0.0 through 3.2.0, necessitating immediate remediation to secure sensitive information.

Affected Version(s)

Enterprise Communications Broker 3.0.0-3.2.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020