Command Line Interface Vulnerability in Oracle's Enterprise Manager Base Platform
CVE-2020-2646

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Enterprise Manager Base Platform
Vendor: CVE Published:; 15 January 2020

Summary

A low-privileged attacker with network access can exploit a vulnerability in the Command Line Interface of Oracle's Enterprise Manager Base Platform. This exploitation requires human interaction from a third party, highlighting the importance of user awareness. Although the flaw resides in the Enterprise Manager Base Platform, successful attacks can compromise data across other connected products. Affected versions 12.1.0.5, 13.2.0.0, and 13.3.0.0 could allow unauthorized users to update, insert, or delete crucial data as well as access sensitive information without permission.

Affected Version(s)

Enterprise Manager Base Platform 12.1.0.5

Enterprise Manager Base Platform 13.2.0.0

Enterprise Manager Base Platform 13.3.0.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019