Unauthorized Access Vulnerability in Oracle NetSuite SuiteCommerce Advanced
CVE-2020-14729

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Netsuite Service
Vendor: CVE Published:; 27 August 2020

What is CVE-2020-14729?

A vulnerability exists in the SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite, which may be exploited by low privileged attackers possessing network access via HTTP. This flaw enables them to create, delete, or modify critical data in NetSuite SCA. It may also permit unauthorized read access to certain data, posing potential risks to the confidentiality and integrity of the information managed within the NetSuite environment. Patching to version 2020.1.4 or later is crucial for mitigation.

Affected Version(s)

Oracle NetSuite service < 2020.1.4

References

https://system.netsuite.com/app/help/helpcenter.nl

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2020
Vulnerability Reserved
Jun 19, 2020