Security Vulnerability in Oracle Transportation Management by Oracle
CVE-2020-2744

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Transportation Management
Vendor: CVE Published:; 15 April 2020

Summary

A security vulnerability has been identified in Oracle Transportation Management that allows a low privileged attacker with network access via HTTP to exploit the system. While the vulnerability primarily affects Oracle Transportation Management, successful exploitation could significantly impact additional connected products. Attackers are required to have human interaction from a user other than themselves to carry out a successful attack. The vulnerability permits unauthorized actions such as updating, inserting, or deleting access to certain data within Oracle Transportation Management, as well as unauthorized reading of a subset of that data. The potential compromise of sensitive information poses a risk to the integrity and confidentiality of the data managed by the application.

Affected Version(s)

Transportation Management 6.3.7

Transportation Management 6.4.2

Transportation Management 6.4.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019