CVE-2020-14565

Name of the Vulnerable Software and Affected Versions Oracle Unified Directory versions 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0

Description The issue is related to insufficient input validation in the Security component of Oracle Unified Directory, part of Oracle Fusion Middleware. It allows a high-privileged attacker with network access via HTTP to compromise Oracle Unified Directory, requiring human interaction from someone other than the attacker. Successful attacks can result in unauthorized access to critical data, including creation, deletion, or modification of data, as well as the ability to cause a hang or crash of Oracle Unified Directory.

Recommendations For versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0, consider restricting access to the HTTP protocol until a fix is available. As a temporary workaround, consider disabling the Security component until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.