Unauthenticated Access Vulnerability in Oracle Depot Repair by Oracle
CVE-2020-2845

8.2HIGH

Key Information:

Vendor: Oracle
Status: Depot Repair
Vendor: CVE Published:; 15 April 2020

Summary

A security flaw in Oracle Depot Repair, part of Oracle E-Business Suite, permits an unauthenticated attacker with network access via HTTP to exploit the system. This vulnerability can be easily triggered, as it requires human interaction from someone other than the attacker. Attackers may gain unauthorized access to sensitive data or even complete control over all data that is accessible through Oracle Depot Repair. Furthermore, this vulnerability could potentially extend its impact beyond the Depot Repair product, affecting additional components within Oracle's ecosystem.

Affected Version(s)

Depot Repair 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019