Unauthorized Access Vulnerability in Oracle E-Business Suite CRM
CVE-2020-14850

8.2 HIGH

Key Information:

Vendor: Oracle
CVE Published: 21 October 2020

Summary

A vulnerability exists within the Oracle CRM Technical Foundation, part of the Oracle E-Business Suite, which could allow an unauthenticated attacker to gain unauthorized access to critical data. Exploitation requires human interaction from a user other than the attacker. After successful exploitation, an attacker could have full access to sensitive data and could execute unauthorized operations such as updates, insertions, or deletions of accessible data. This not only compromises the CRM system but could potentially impact additional integrated products within the suite.

Affected Version(s)

CRM Technical Foundation 12.1.3

CRM Technical Foundation 12.2.3 - 12.2.10

References

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
