Vulnerability in Oracle E-Business Suite Human Resources Component by Oracle
CVE-2020-2587

9.9CRITICAL

Key Information:

Vendor: Oracle
Status: Human Resources
Vendor: CVE Published:; 15 January 2020

Summary

This vulnerability in the Oracle Human Resources component of the Oracle E-Business Suite presents an exploit risk for low-privileged attackers with network access via HTTPS. It could lead to unauthorized actions, such as the creation, deletion, or modification of critical data. Moreover, successful exploitation could allow complete access to Oracle Human Resources data as well as the potential to cause operational disruptions. Attackers leveraging this vulnerability may significantly impact the confidentiality, integrity, and availability of sensitive information across associated Oracle products.

Affected Version(s)

Human Resources 12.1.1-12.1.3

Human Resources 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019