Vulnerability in Oracle E-Business Suite's iSupport Component
CVE-2020-2815

8.2HIGH

Key Information:

Vendor
Oracle
Status
Isupport
Vendor
CVE Published:
15 April 2020

Summary

A vulnerability exists within the Oracle iSupport component of Oracle E-Business Suite, permitting unauthenticated attackers with network access via HTTP to compromise the application. The flaw enables unauthorized users to gain access to sensitive information and data manipulation capabilities after requiring some form of human interaction. This breach not only affects Oracle iSupport but can also have far-reaching consequences on associated products, allowing for potential unauthorized data access, including the ability to update, insert, or delete records. Organizations utilizing affected versions must assess their security posture and implement necessary safeguards to mitigate risks.

Affected Version(s)

iSupport 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.