PT-2020-2135 · Oracle · Enterprise Manager Base Platform

Published 2020-04-15 · Updated 2020-04-16 · CVE-2020-2961

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Enterprise Manager Base Platform versions 13.2.0.0 through 13.3.0.0

Description

The issue is related to insufficient access control in the Discovery Framework component of the Enterprise Manager Base Platform, allowing a remote attacker to modify, add, or delete data, or gain unauthorized access to protected information via the HTTP protocol. This can result in the takeover of the Enterprise Manager Base Platform.

Recommendations

For versions 13.2.0.0 and 13.3.0.0, update to a version that addresses the insufficient access control issue in the Discovery Framework component to prevent unauthorized access and potential takeover of the Enterprise Manager Base Platform.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2020-02024
CVE-2020-2961

Affected Products

Enterprise Manager Base Platform