Vulnerability in Oracle E-Business Suite Affecting Web Applications Desktop Integrator
CVE-2020-2591

8.2HIGH

Key Information:

Vendor: Oracle
Status: Web Applications Desktop Integrator
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2591?

This vulnerability in the Oracle Web Applications Desktop Integrator allows an unauthenticated attacker to exploit the system via HTTPS. Successful exploitation requires human interaction from another individual, potentially leading to unauthorized access to sensitive data. The impact of this vulnerability extends beyond the Web Applications Desktop Integrator itself, posing risks to additional components within the Oracle E-Business Suite. Attackers may gain full access to all data accessible through this interface, enabling unauthorized modifications such as updates, insertions, or deletions of critical information.

Affected Version(s)

Web Applications Desktop Integrator 12.1.3

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019