CVE-2020-2644

Name of the Vulnerable Software and Affected Versions Enterprise Manager Base Platform versions 12.1.0.5, 13.2.0.0, 13.3.0.0

Description The issue is related to insufficient access control in the Oracle Management Service component of the Enterprise Manager Base Platform. It can be exploited by a remote attacker to gain unauthorized access to protected information or cause a denial of service using the HTTP protocol. Successful attacks can result in unauthorized access to critical data, modification of some accessible data, or a partial denial of service.

Recommendations For version 12.1.0.5, update to a version that includes the necessary security patches to resolve the issue. For version 13.2.0.0, apply the recommended security fixes to mitigate the risk of exploitation. For version 13.3.0.0, consider restricting access to the Oracle Management Service component until a patch is available.