Unauthenticated Network Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business Suite
CVE-2020-2652

8.2HIGH

Key Information:

Vendor: Oracle
Status: Crm Technical Foundation
Vendor: CVE Published:; 15 January 2020

Summary

An unauthenticated network vulnerability has been identified in Oracle CRM Technical Foundation, a component of Oracle E-Business Suite. The issue affects versions 12.1.3 and 12.2.3 to 12.2.9, allowing attackers with network access via HTTPS to potentially compromise the system. Exploitation requires human interaction from an individual other than the attacker. This vulnerability poses significant risks as it can lead to unauthorized access to critical data and provide attackers with the ability to modify, insert, or delete accessible data within Oracle CRM Technical Foundation. Notably, despite being localized within CRM Technical Foundation, the impact may extend to additional products within the suite, making it a serious concern for organizations utilizing these applications.

Affected Version(s)

CRM Technical Foundation 12.1.3

CRM Technical Foundation 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019