PT-2020-1459 · Oracle · Oracle Human Resources
Martin Doyhenard · Published 2020-01-14 · Updated 2022-04-29
CVE-2020-2586 · CVSS v3.1 9.9 (Critical)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Oracle Human Resources versions 12.1.1 through 12.1.3
Oracle Human Resources versions 12.2.3 through 12.2.9
Description
The vulnerability is caused by insufficient input validation in the Hierarchy Diagrammers component of Oracle Human Resources (an Oracle E-Business Suite product). It is exploitable over HTTPS by a remote attacker who holds a low-privileged account on the application; no user interaction is required. A successful attack lets the attacker create, modify, or delete critical data, read all data accessible through Oracle Human Resources, and cause a partial denial of service. Because the scope is changed (S:C), the impact is not confined to the vulnerable component itself.
Recommendations
For versions 12.1.1 through 12.1.3 and 12.2.3 through 12.2.9, apply the Oracle Critical Patch Update that addresses CVE-2020-2586 (January 2020) or any later Critical Patch Update, which also contains the fix.
Until the patch is applied, restrict access to the Hierarchy Diagrammers component to the users who need it. Since exploitation requires only a low-privileged account, also review which accounts can reach the component and the HTTPS endpoints that expose it. This reduces exposure but does not remove the flaw; only the patch does.
Affected Products
Oracle Human Resources