CVE-2020-2522

Name of the Vulnerable Software and Affected Versions Oracle Knowledge versions 8.6.0 through 8.6.1

Description The issue is related to insufficient input validation in the Information Manager Console component of Oracle Knowledge, allowing a remote attacker to modify, add, or delete data using the HTTP protocol. The attack requires some interaction from a person other than the attacker and can result in unauthorized access to some of the data accessible through Oracle Knowledge.

Recommendations For versions 8.6.0 through 8.6.1, update to a version that includes the fix for this issue to prevent unauthorized data modification. At the moment, there is no information about a newer version that contains a fix for this vulnerability.