Vulnerability in Oracle Common Applications Calendar of Oracle E-Business Suite
CVE-2020-2820
8.2HIGH
Summary
An exploitable vulnerability exists in Oracle's Common Applications Calendar within the Oracle E-Business Suite, affecting multiple versions. This flaw allows unauthenticated attackers with network access via HTTP to compromise the application. While the primary vulnerability lies in the Calendar, successful exploitation can lead to unauthorized access to sensitive data and potential modifications, highlighting a significant risk for affected organizations. These attacks necessitate some level of human interaction, posing unique challenges for security teams.
Affected Version(s)
Common Applications Calendar 12.1.1-12.1.3
Common Applications Calendar 12.2.3-12.2.8
References
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved