Vulnerability in Oracle E-Business Suite’s Marketing Administration Component
CVE-2020-2858

8.2HIGH

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 15 April 2020

Summary

An exploitable vulnerability exists in the Marketing Administration component of Oracle E-Business Suite, affecting versions 12.1.1 to 12.1.3. An unauthenticated attacker with network access can exploit this vulnerability via HTTP, leading to unauthorized access to critical data. This may allow attackers to view, update, insert, or delete information in Oracle Marketing without proper authorization. Successful exploitation necessitates human interaction from someone other than the perpetrator, thereby amplifying the risk to sensitive data across interconnected Oracle systems.

Affected Version(s)

Marketing 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019