Unauthorized Access Vulnerability in Oracle NetSuite SuiteCommerce Advanced
CVE-2020-14729
5.4MEDIUM
Summary
A vulnerability exists in the SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite, which may be exploited by low privileged attackers possessing network access via HTTP. This flaw enables them to create, delete, or modify critical data in NetSuite SCA. It may also permit unauthorized read access to certain data, posing potential risks to the confidentiality and integrity of the information managed within the NetSuite environment. Patching to version 2020.1.4 or later is crucial for mitigation.
Affected Version(s)
Oracle NetSuite service < 2020.1.4
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved