CVE-2020-2862

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite (component: Print Server) versions 12.1.1 through 12.1.3 Oracle E-Business Suite (component: Print Server) versions 12.2.3 through 12.2.9

Description The issue is related to insufficient access control in the Print Server component of Oracle One-to-One Fulfillment. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment, potentially leading to unauthorized read access to a subset of accessible data. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products.

Recommendations For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.9, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Print Server component until a patch is available.