Unauthenticated Access Vulnerability in Oracle Knowledge Management of E-Business Suite
CVE-2020-2841

8.2HIGH

Key Information:

Vendor: Oracle
Status: Knowledge Management
Vendor: CVE Published:; 15 April 2020

Summary

The Oracle Knowledge Management component within the Oracle E-Business Suite is susceptible to a vulnerability that enables unauthenticated attackers to gain access via HTTP. The exploit requires human interaction, creating opportunities for potential data breaches. Successful exploitation can lead to unauthorized access, allowing the attacker to manipulate critical data, which includes the ability to update, insert, or delete records. Given the significant negative impact potential on related products, this vulnerability poses a serious threat to data integrity and confidentiality across the platform.

Affected Version(s)

Knowledge Management 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019