Unauthorized Access Vulnerability in Oracle iSupport of Oracle E-Business Suite
CVE-2020-2667

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2667?

A vulnerability exists in Oracle iSupport, part of Oracle E-Business Suite, which can be exploited by unauthenticated attackers with network access via HTTPS. Successful exploitation requires human interaction from a party other than the attacker. While primarily affecting Oracle iSupport, the impact can extend to other products within the suite. This vulnerability may enable unauthorized updates, inserts, or deletions of accessible data, posing a risk to the integrity of the system.

Affected Version(s)

iSupport 12.1.1-12.1.3

iSupport 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019