PT-2020-1487 · Oracle · Oracle Enterprise Manager

Alexander Kornbrust · Published 2020-01-14 · Updated 2022-07-28 · CVE-2020-2622

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Oracle Enterprise Manager versions 12.1.0.5, 13.2.0.0 and 13.3.0.0

Description

The Event Management component of the Enterprise Manager Base Platform product in Oracle Enterprise Manager is affected by insufficient access controls. An authenticated, high-privileged attacker with network access over HTTP can exploit the flaw to gain unauthorized access to critical data, to update, insert or delete some of the data the Enterprise Manager Base Platform can reach, and to cause a partial denial of service of the platform. The CVSS v2.0 vector reflects this: single authentication is required (Au:S), attack complexity is low (AC:L), the confidentiality impact is complete (C:C), and the integrity and availability impacts are partial (I:P, A:P).

Recommendations

For versions 12.1.0.5, 13.2.0.0 and 13.3.0.0, restrict access to the Event Management component until a patch is applied. As a temporary workaround, limit network access to the Enterprise Manager console (which is reached over HTTP) to trusted administrative hosts, so that the Enterprise Manager Base Platform is not reachable from the general network. Because exploitation requires a high-privileged account, keep the number of such Enterprise Manager accounts to a minimum and review who holds them. This entry records no release that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-00470
CVE-2020-2622

Affected Products

Oracle Enterprise Manager