CVE-2020-2874

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.1 through 12.1.3

Description The issue is related to insufficient input validation in the Customer Search subcomponent of the Oracle Email Center product. It allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Email Center, potentially leading to unauthorized access to critical data or complete access to all Oracle Email Center accessible data. Successful attacks may also result in unauthorized update, insert, or delete access to some of the Oracle Email Center accessible data and require human interaction from a person other than the attacker.

Recommendations For versions 12.1.1 through 12.1.3, consider restricting access to the Customer Search subcomponent until a fix is available. As a temporary workaround, limit the use of HTTP requests to the affected subcomponent to minimize the risk of exploitation. Additionally, ensure that all inputs are thoroughly validated to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.