Vulnerability in Oracle Enterprise Communications Broker WebGUI
CVE-2020-14722

5.8MEDIUM

Key Information:

Vendor: Oracle
Status: Enterprise Communications Broker
Vendor: CVE Published:; 15 July 2020

Summary

A vulnerability exists in the Oracle Enterprise Communications Broker's WebGUI that permits an unauthenticated attacker with network access via HTTP to exploit the system. While the attack requires human interaction from a third party, it has the potential to compromise sensitive data by allowing unauthorized updates, inserts, or deletions. Additionally, this vulnerability could enable unauthorized read access to certain data and may lead to a partial denial of service. It's crucial for organizations utilizing affected versions (3.0.0 to 3.2.0) to implement security measures to mitigate these risks.

Affected Version(s)

Enterprise Communications Broker 3.0.0-3.2.0

References

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Jun 19, 2020