Vulnerability in Oracle Applications Framework of Oracle E-Business Suite
CVE-2020-2890

8.2HIGH

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 15 April 2020

Summary

The vulnerability in the Oracle Applications Framework component of the Oracle E-Business Suite enables unauthenticated remote attackers with network access to compromise the Applications Framework. Exploitation requires human interaction from a person other than the attacker, creating a unique attack vector. Victims may experience unauthorized access to critical data, as the vulnerability allows attackers to potentially gain full access to all accessible data within the Applications Framework, along with unauthorized operations such as update, insert, or delete actions on certain data. The implications of such an exploit can be severe, impacting data confidentiality and integrity across multiple associated products.

Affected Version(s)

Applications Framework 12.1.3

Applications Framework 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019