Unauthorized Data Access Vulnerability in Oracle Depot Repair of Oracle E-Business Suite
CVE-2020-2849

8.2HIGH

Key Information:

Vendor: Oracle
Status: Depot Repair
Vendor: CVE Published:; 15 April 2020

Summary

The vulnerability in Oracle Depot Repair allows an unauthenticated attacker with network access to exploit the system via HTTP. This can lead to unauthorized access to sensitive data. Successful exploitation requires human interaction, which means an individual other than the attacker must unknowingly assist in the attack. While the vulnerability specifically affects the Oracle Depot Repair component, it can potentially impact other linked products within the Oracle E-Business Suite ecosystem. Attackers can execute unauthorized operations, including updates, inserts, or deletions of data within Oracle Depot Repair, making this a serious security concern.

Affected Version(s)

Depot Repair 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019