PT-2020-2627 · Oracle · Oracle Configurator

Abdulrahman Nour · Published 2020-04-14 · Updated 2020-04-16 · CVE-2020-2865

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Configurator versions 12.1 and 12.2

Description

The issue is related to insufficient access control in the Installation component of the Oracle Configurator application. It allows a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful exploitation can result in unauthorized read access to a subset of Oracle Configurator accessible data.

Recommendations

For Oracle Configurator version 12.1, update to a version that includes the necessary security patches to address the insufficient access control issue. For Oracle Configurator version 12.2, apply the recommended security fixes to mitigate the risk of unauthorized access.

Fix


Weakness Enumeration

Related Identifiers

BDU:2020-02664
CVE-2020-2865

Affected Products

Oracle Configurator