Unauthorized Access Vulnerability in Oracle Marketing Product by Oracle
CVE-2020-14817

8.2HIGH

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 21 October 2020

Summary

An unauthenticated attacker with network access via HTTP can exploit a vulnerability in the Oracle Marketing product of the Oracle E-Business Suite. Affected versions include 12.1.1 through 12.1.3 and 12.2.3 through 12.2.10. This flaw requires human interaction to successfully execute an attack. Once exploited, it can lead to unauthorized access to sensitive data and allow attackers to perform unauthorized updates, inserts, or deletions on data accessible through Oracle Marketing, posing significant risks to the integrity and confidentiality of the data.

Affected Version(s)

Marketing 12.1.1 - 12.1.3

Marketing 12.2.3 - 12.2.10

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020