Unauthorized Data Access in Oracle Marketing Solution by Oracle
CVE-2020-14875

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 21 October 2020

Summary

A vulnerability exists in the Oracle Marketing component of the Oracle E-Business Suite that allows unauthenticated attackers with network access via HTTP to gain unauthorized access. This security flaw may lead to unauthorized creation, deletion, or modification of critical data and offers attackers complete access to all data available in the Oracle Marketing system. Organizations using affected versions need to address this vulnerability promptly to prevent potential data breaches.

Affected Version(s)

Marketing 12.1.1 - 12.1.3

Marketing 12.2.3 - 12.2.10

References

https://www.oracle.com/security-alerts/cpuoct2020.html

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2020
Vulnerability Reserved
Jun 19, 2020