Unauthenticated Access Vulnerability in Oracle E-Business Suite's Application Object Library
CVE-2020-14840

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Application Object Library
Vendor: CVE Published:; 21 October 2020

Summary

An unauthenticated access vulnerability exists in the Oracle Application Object Library component of Oracle E-Business Suite, allowing an attacker with network access via HTTP to exploit the system. This vulnerability affects supported versions 12.1.3 and versions 12.2.3 through 12.2.10. While an attack requires human interaction from a person other than the attacker, it poses a significant risk as it could lead to unauthorized updates, insertions, or deletions of accessible data within Oracle Application Object Library. Attackers can exploit this vulnerability to impact other products relying on the affected component, leading to broader security implications.

Affected Version(s)

Application Object Library 12.1.3

Application Object Library 12.2.3 - 12.2.10

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020