Unauthenticated Access Flaw in Oracle E-Business Intelligence Suite
CVE-2020-2808

8.2HIGH

Key Information:

Vendor: Oracle
Status: E-business Intelligence
Vendor: CVE Published:; 15 April 2020

Summary

An access vulnerability in Oracle E-Business Intelligence allows an unauthenticated attacker with network access to potentially compromise the system. Although exploitation requires human interaction from a third party, the consequences can include unauthorized access to sensitive data and various forms of data manipulation, such as updates, inserts, or deletions. This issue primarily affects versions 12.1.1 to 12.1.3 of Oracle E-Business Intelligence but can also impact other products in the suite, highlighting the importance of a robust security posture.

Affected Version(s)

E-Business Intelligence 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019