Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware
CVE-2020-2530

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2530?

An exploitable vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, which allows unauthenticated attackers with network access to compromise the server. Successful exploitation may require interaction from a third party and can lead to unauthorized access to sensitive data, including the ability to update, insert, or delete information. This vulnerability can also potentially impact connected products significantly.

Affected Version(s)

HTTP Server 11.1.1.9.0

HTTP Server 12.1.3.0.0

HTTP Server 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019