Remote Code Execution Vulnerability in Oracle iSupport of Oracle E-Business Suite
CVE-2020-2855

8.2HIGH

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 15 April 2020

What is CVE-2020-2855?

The vulnerability in Oracle iSupport, part of the Oracle E-Business Suite, allows an unauthenticated attacker with network access via HTTP to exploit the system. Successful exploitation could enable attackers to gain unauthorized access to sensitive data. It requires human interaction from an external individual, increasing the complexity of the attack. While the vulnerability is primarily in Oracle iSupport, the implications can extend to other products within the suite, leading to significant risks including unauthorized updates and deletions of data. Organizations using affected versions should prioritize patching to protect against potential threats.

Affected Version(s)

iSupport 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019