CVE-2020-2637

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager versions 12.1.0.5, 13.2.0.0, 13.3.0.0

Description The issue is related to a component of Oracle Enterprise Manager, specifically the Change Manager, which is web-based. It allows a high-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, unauthorized updates, inserts, or deletes to some accessible data, and the ability to cause a partial denial of service.

Recommendations For versions 12.1.0.5, 13.2.0.0, and 13.3.0.0, apply the necessary patches or updates to fix the vulnerability. As a temporary workaround, consider restricting access to the Change Manager component until a patch is available. Restrict network access via HTTP to minimize the risk of exploitation.