Vulnerability in Oracle E-Business Suite Print Server Component
CVE-2020-2826

8.2HIGH

Key Information:

Vendor: Oracle
Status: One-to-one Fulfillment
Vendor: CVE Published:; 15 April 2020

Summary

A vulnerability exists in the Print Server component of the Oracle One-to-One Fulfillment product within Oracle E-Business Suite. This flaw allows an unauthenticated attacker with network access via HTTP to compromise the system. While the attack requires human interaction, it poses significant risks, as it could lead to unauthorized access and manipulation of sensitive data within the Oracle One-to-One Fulfillment. Successful exploitation could allow an attacker to not only access deep data insights but also perform unauthorized updates, inserts, or deletions to accessible data.

Affected Version(s)

One-to-One Fulfillment 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019