CVE-2020-2984

Name of the Vulnerable Software and Affected Versions Oracle Configuration Manager version 12.1.2.0.6

Description The issue exists due to insufficient input validation in the Discovery and collection script component of Oracle Configuration Manager. This allows a remote attacker to gain unauthorized access to protected information, or modify, add, or delete data. The vulnerability can be exploited by a low-privileged attacker with network access via HTTP, potentially resulting in unauthorized access to critical data or complete access to all accessible data, as well as unauthorized update, insert, or delete access to some accessible data.

Recommendations For version 12.1.2.0.6, update to a newer version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Discovery and collection script component to minimize the risk of unauthorized data access or modification.