Unauthenticated Network Access Flaw in Oracle E-Business Suite CRM
CVE-2020-2651

8.2HIGH

Key Information:

Vendor: Oracle
Status: Crm Technical Foundation
Vendor: CVE Published:; 15 January 2020

Summary

An unauthenticated network access vulnerability exists in Oracle CRM Technical Foundation, part of Oracle E-Business Suite. This issue affects versions 12.1.3 and 12.2.3 through 12.2.9, allowing remote attackers with network access via HTTPS to exploit the vulnerability. Successful exploitation can lead to unauthorized access to sensitive data within Oracle CRM Technical Foundation. It requires human interaction from a user other than the attacker. While primarily affecting the CRM Technical Foundation, this vulnerability may also impact other integrated Oracle products, potentially resulting in unauthorized data manipulation, including updates, inserts, and deletions.

Affected Version(s)

CRM Technical Foundation 12.1.3

CRM Technical Foundation 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019