Oracle E-Business Suite Vulnerability in Human Resources Product
CVE-2020-2586

9.9 CRITICAL

Key Information:

Vendor
Oracle
CVE Published:
15 January 2020

Summary

A vulnerability exists in the Oracle Human Resources component of Oracle E-Business Suite, affecting multiple supported versions. A low-privileged attacker with network access via HTTPS can exploit it, potentially resulting in unauthorized creation, deletion, or modification of critical data. Although the flaw is in Human Resources, its impact extends to additional products (the CVSS scope is Changed), and the risks include unauthorized access to sensitive information and a partial denial of service. Organizations running affected versions of Oracle E-Business Suite should prioritize immediate updates and implement security measures to mitigate the risk.

Affected Version(s)

Human Resources 12.1.1-12.1.3

Human Resources 12.2.3-12.2.9

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
