Unauthorized Access Vulnerability in Oracle Enterprise Manager's Discovery Framework
CVE-2020-2961

9.8CRITICAL

Key Information:

Vendor: Oracle
Status: Enterprise Manager Base Platform
Vendor: CVE Published:; 15 April 2020

What is CVE-2020-2961?

A vulnerability exists in the Discovery Framework of Oracle Enterprise Manager Base Platform, allowing an unauthenticated attacker to gain network access via HTTP. This could lead to a full compromise of the Enterprise Manager, affecting its confidentiality, integrity, and availability. Affected versions include 13.2.0.0 and 13.3.0.0. It is crucial to implement security measures to protect against this easily exploitable vulnerability.

Affected Version(s)

Enterprise Manager Base Platform 13.2.0.0

Enterprise Manager Base Platform 13.3.0.0

References

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2020
Vulnerability Reserved
Dec 10, 2019