Unauthenticated Access Vulnerability in Oracle E-Business Suite General Ledger
CVE-2020-2750

7.5HIGH

Key Information:

Vendor: Oracle
Status: General Ledger
Vendor: CVE Published:; 15 April 2020

Summary

An unauthenticated access vulnerability exists in Oracle's General Ledger component of the Oracle E-Business Suite. This security flaw affects multiple versions and can be exploited by attackers with HTTP network access, allowing them to gain unauthorized access to sensitive data. Successful exploitation could lead to the unauthorized retrieval of critical information, posing significant risks to the integrity and confidentiality of financial data managed within the Oracle General Ledger system.

Affected Version(s)

General Ledger 12.1.1-12.1.3

General Ledger 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019