Vulnerability in Oracle E-Business Suite affecting Oracle iSupport
CVE-2020-2662

8.2HIGH

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 15 January 2020

Summary

The vulnerability in Oracle iSupport allows an unauthenticated attacker with network access via HTTPS to compromise the system. While the attacker requires interaction from another user, the successful exploit can lead to unauthorized access to critical data within Oracle iSupport. This not only jeopardizes the integrity of the data but also poses risks to other linked products within the Oracle E-Business Suite. Attackers might gain unauthorized permissions to update, insert, or delete data, which can have severe implications for data confidentiality and integrity.

Affected Version(s)

iSupport 12.1.1-12.1.3

iSupport 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019