Vulnerability in Oracle E-Business Suite: Depot Repair Component
CVE-2020-2848

8.2HIGH

Key Information:

Vendor: Oracle
Status: Depot Repair
Vendor: CVE Published:; 15 April 2020

Summary

An access control vulnerability exists in the Oracle Depot Repair component of Oracle E-Business Suite, which could be exploited by an unauthenticated attacker with network access via HTTP. The attacker needs human interaction from a user to successfully execute the attack. This vulnerability poses a significant risk, as it allows unauthorized access to critical data, with potential ramifications that may extend to other interconnected products. Attackers could gain complete access to all data within Oracle Depot Repair and have unauthorized capabilities to update, insert, or delete data. Organizations using affected versions should prioritize mitigations to safeguard sensitive information.

Affected Version(s)

Depot Repair 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019