CVE-2020-2824

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.1 through 12.1.3

Description The issue is related to inadequate access control in the Print Server component of Oracle One-to-One Fulfillment. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data, as well as unauthorized update, insert, or delete access to some of Oracle One-to-One Fulfillment accessible data.

Recommendations For versions 12.1.1 through 12.1.3, consider restricting access to the Print Server component until a patch is available. As a temporary workaround, limit the use of HTTP protocol for accessing Oracle One-to-One Fulfillment to minimize the risk of exploitation.