Unauthorized Access in Oracle E-Business Suite's Quoting Component
CVE-2020-2833

8.2HIGH

Key Information:

Vendor: Oracle
Status: Quoting
Vendor: CVE Published:; 15 April 2020

Summary

A vulnerability in the Oracle Quoting component of Oracle E-Business Suite allows an unauthenticated attacker to compromise the system through HTTP. This easily exploitable weakness requires human interaction from a third party, potentially leading to unauthorized access to sensitive data. Attackers could gain complete access to Oracle Quoting data, along with the ability to update, insert, or delete such data. The impact of this vulnerability can extend beyond Oracle Quoting, affecting other products as well.

Affected Version(s)

Quoting 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019