CVE-2020-2809

Name of the Vulnerable Software and Affected Versions Oracle E-Business Intelligence versions 12.1.1 through 12.1.3

Description The issue is related to inadequate access control in the DBI Setups component of Oracle E-Business Intelligence, part of the Oracle E-Business Suite. This allows a remote attacker to gain unauthorized access to sensitive information or modify, add, or delete data using the HTTP protocol. Successful attacks require some interaction from someone other than the attacker and can significantly impact additional products, leading to unauthorized access to critical data or complete access to all accessible data within Oracle E-Business Intelligence.

Recommendations For versions 12.1.1 through 12.1.3, consider restricting access to the DBI Setups component until a fix is available, and ensure that all interactions with the Oracle E-Business Intelligence system are closely monitored to prevent unauthorized data modifications. At the moment, there is no information about a newer version that contains a fix for this vulnerability.