CVE-2020-2553

Name of the Vulnerable Software and Affected Versions Oracle Knowledge versions 8.6.0 through 8.6.3

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge, resulting in unauthorized update, insert, or delete access to some of Oracle Knowledge's accessible data, as well as unauthorized read access to a subset of Oracle Knowledge's accessible data. This is due to insufficient input validation in the Information Manager Console component.

Recommendations For Oracle Knowledge versions 8.6.0 through 8.6.3, consider restricting access to the Information Manager Console component until a patch is available. As a temporary workaround, limit the use of HTTP protocol for sensitive operations to minimize the risk of exploitation.