PT-2020-1495 · Oracle · Enterprise Manager For Fusion Middleware
Alexander Kornbrust · Published 2020-01-14 · Updated 2022-04-29 · CVE-2020-2614
CVSS v2.0: 8.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Enterprise Manager for Fusion Middleware versions 13.2.0.0 through 13.3.0.0
Description
The issue is related to insufficient access control in the APM Mesh component of the Enterprise Manager for Fusion Middleware product. It allows a remote attacker, using the HTTP protocol, to modify, add, or delete data, obtain unauthorized access to protected information, or cause a denial of service. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, unauthorized update, insert, or delete access to some data, and the ability to cause a partial denial of service.
Recommendations
For versions 13.2.0.0 and 13.3.0.0, consider restricting access to the APM Mesh component until a patch is available.
As a temporary workaround, limit network access via HTTP to the Enterprise Manager for Fusion Middleware to minimize the risk of exploitation.
Avoid using the HTTP protocol for sensitive operations until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Enterprise Manager For Fusion Middleware