PT-2020-2605 · Oracle · Oracle Knowledge

Published: 2020-04-15 · Updated: 2020-04-16 · CVE-2020-2795

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Knowledge versions 8.6.0 through 8.6.2

Description

The issue is related to insufficient input validation in the Information Manager Console component of Oracle Knowledge. It allows a high-privileged attacker with logon access to the infrastructure where Oracle Knowledge is executed to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle Knowledge. The exploitation can be done remotely via the HTTP protocol, impacting the confidentiality, integrity, and availability of the protected information.

Recommendations

For Oracle Knowledge versions 8.6.0 through 8.6.2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2020-02639
CVE-2020-2795

Affected Products

Oracle Knowledge