CVE-2020-14874

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Cloud Infrastructure Identity And Access Management
Vendor: CVE Published:; 22 December 2020

Summary

Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Identity and Access Management accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Identity and Access Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Cloud Infrastructure Identity and Access Management.

Affected Version(s)

Oracle Cloud Infrastructure Identity and Access Management *

References

https://www.oracle.com/security-alerts/oracle-cves-outsid...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 22, 2020
Vulnerability Reserved
Jun 19, 2020