Vulnerability in Oracle Cloud Infrastructure Identity and Access Management
CVE-2020-14874

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Cloud Infrastructure Identity And Access Management
Vendor: CVE Published:; 22 December 2020

What is CVE-2020-14874?

A vulnerability exists within Oracle Cloud Infrastructure Identity and Access Management that can be exploited by a high privileged attacker with network access. This flaw allows for unauthorized updates, insertions, or deletions of accessible data. Additionally, it can lead to unauthorized read access to certain data and the ability to partially disrupt services, resulting in a significant risk to cloud service integrity and availability.

Affected Version(s)

Oracle Cloud Infrastructure Identity and Access Management *

References

https://www.oracle.com/security-alerts/oracle-cves-outsid...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 22, 2020
Vulnerability Reserved
Jun 19, 2020