Vulnerability in Identity Manager of Oracle Fusion Middleware
CVE-2020-2729

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Identity Manager
Vendor: CVE Published:; 15 January 2020

Summary

A vulnerability exists in the Identity Manager component of Oracle Fusion Middleware that allows low-privileged attackers with network access via HTTP to compromise the system. This exploitation leads to potential unauthorized modifications, insertions, or deletions of accessible data, as well as unapproved reading of certain data sets. Users should upgrade to the latest versions to mitigate this risk and secure their environments.

Affected Version(s)

Identity Manager 11.1.2.3.0

Identity Manager 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019