Vulnerability in Oracle Enterprise Manager Application Performance Monitoring
CVE-2020-2946

6MEDIUM

Key Information:

Vendor: Oracle
Status: Apm - Application Performance Management
Vendor: CVE Published:; 15 April 2020

Summary

A vulnerability exists in the Application Performance Management component of Oracle Enterprise Manager, specifically in versions 12.1.0.5, 13.2.0.0, and 13.3.0.0. This flaw can be exploited by high-privileged attackers with network access via HTTP, leading to unauthorized access to sensitive data. Attackers could potentially manipulate Application Performance Management by executing operations such as unauthorized updates, insertions, or deletions of accessible data, as well as cause a partial denial of service. This poses a significant risk to the integrity and confidentiality of monitored applications.

Affected Version(s)

APM - Application Performance Management 12.1.0.5

APM - Application Performance Management 13.2.0.0

APM - Application Performance Management 13.3.0.0

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019