PT-2020-1406 · Oracle · Enterprise Manager Base Platform

Published 2020-01-14 · Updated 2022-07-28 · CVE-2020-2646

CVSS v3.1 · 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Enterprise Manager Base Platform versions 12.1.0.5 through 13.3.0.0

Description

The issue is related to inadequate access control in the Command Line Interface component of the Enterprise Manager Base Platform. It allows a remote attacker to gain unauthorized access to modify, add, or delete data, or access protected information via the HTTP protocol. The vulnerability can be easily exploited by a low-privileged attacker with network access. Successful attacks require human interaction and can significantly impact additional products, resulting in unauthorized access to some data and read access to a subset of the platform's accessible data.

Recommendations

For versions 12.1.0.5, 13.2.0.0, and 13.3.0.0, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Command Line Interface component until a patch is available. Restrict access to the HTTP protocol to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2020-00379
CVE-2020-2646

Affected Products

Enterprise Manager Base Platform