Information Management Console Vulnerability in Oracle Knowledge
CVE-2020-2522

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Knowledge
Vendor: CVE Published:; 15 April 2020

Summary

This vulnerability exists within the Information Manager Console of the Oracle Knowledge product, allowing unauthenticated attackers with network access to potentially compromise the system. Successful exploitation requires human interaction from a third party, enabling unauthorized updates, insertions, or deletions of data accessible through Oracle Knowledge. Users are encouraged to address this vulnerability to maintain the integrity of their data.

Affected Version(s)

Knowledge 8.6.0-8.6.1

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019