PT-2020-3446 · Oracle · Oracle Enterprise Session Border Controller

Published 2020-07-14 · Updated 2020-07-20 · CVE-2020-14630

CVSS v2.0 · 7.5 · High

Vector AV:N/AC:M/Au:S/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Enterprise Session Border Controller versions 8.1.0 through 8.3.0

Description

The issue is related to the File Upload component and can be exploited by a high-privileged attacker with network access via HTTP. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The exploitation can result in unauthorized ability to cause a hang or crash of the Oracle Enterprise Session Border Controller, as well as unauthorized update, insert, or delete access to some accessible data and unauthorized read access to a subset of accessible data. The vulnerability is also associated with errors in resource release.

Recommendations

For versions 8.1.0, 8.2.0, and 8.3.0, consider restricting access to the File Upload component to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the File Upload feature until a fix is provided. Restrict HTTP access to the Oracle Enterprise Session Border Controller to reduce the risk of remote exploitation.

Fix

Weakness Enumeration

Improper Resource Release

Related Identifiers

BDU:2020-03770
CVE-2020-14630

Affected Products

Oracle Enterprise Session Border Controller