Vulnerability in Oracle E-Business Suite's Human Resources Component
CVE-2020-2956

8.1HIGH

Key Information:

Vendor: Oracle
Status: Human Resources
Vendor: CVE Published:; 15 April 2020

Summary

A vulnerability affects the Oracle Human Resources component within the Oracle E-Business Suite, specifically its Hierarchy Diagrammers. It allows an attacker with low privileges and network access via HTTP to exploit the weakness. Successful exploitation can enable unauthorized actions such as creating, deleting, or modifying sensitive data, jeopardizing the integrity and confidentiality of all accessible information within Oracle Human Resources. Organizations using supported versions 12.1.1 to 12.1.3 and 12.2.3 to 12.2.9 are encouraged to assess their systems and apply relevant patches to safeguard against potential threats.

Affected Version(s)

Human Resources 12.1.1-12.1.3

Human Resources 12.2.3-12.2.9

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-503/

x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019