Security Flaw in Oracle E-Business Suite's iSupport Component
CVE-2020-2668

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2668?

A vulnerability exists in the iSupport component of Oracle E-Business Suite that allows unauthenticated attackers with network access via HTTPS to compromise the system. Successful exploitation of this flaw may enable unauthorized updates, inserts, or deletions of accessible data. Notably, while the vulnerability is specific to iSupport, its repercussions can extend to other integrated Oracle products, especially since attacks necessitate user interaction from individuals not involved in the attack.

Affected Version(s)

iSupport 12.1.1-12.1.3

iSupport 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019