Vulnerability in SuiteCommerce Advanced by Oracle NetSuite
CVE-2020-14728

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Netsuite Service
Vendor: CVE Published:; 27 August 2020

Summary

A vulnerability exists within the SuiteCommerce Advanced component of Oracle NetSuite service that allows a low-privileged attacker with network access via HTTP to exploit the system. This exploit necessitates human interaction from a person other than the attacker. Although primarily affecting SuiteCommerce Advanced, successful attacks can also have repercussions on additional associated products. The potential impact includes unauthorized update, insert, or delete access to certain data accessible within SuiteCommerce Advanced, and unauthorized read access to a subset of this data.

Affected Version(s)

Oracle NetSuite service Montblanc

Oracle NetSuite service Vinson

Oracle NetSuite service Elbrus

References

https://system.netsuite.com/app/help/helpcenter.nl

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 27, 2020
Vulnerability Reserved
Jun 19, 2020