Security Flaw in Oracle E-Business Suite Marketing Administration Component
CVE-2020-2835

8.2HIGH

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 15 April 2020

Summary

An unauthenticated access vulnerability exists in the Marketing Administration component of the Oracle Marketing product within Oracle E-Business Suite. This flaw allows an attacker with network access via HTTP to potentially exploit the application. Successful exploitation requires human interaction, but the impact can significantly extend beyond Oracle Marketing, resulting in unauthorized access to critical data. Attackers may gain the ability to update, insert, or delete data that is accessible through Oracle Marketing, posing serious risks to data confidentiality and integrity.

Affected Version(s)

Marketing 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019