PT-2020-3863 · Oracle · Oracle Security Service

Published

2020-07-15

Updated

2020-07-20

CVE-2020-14530

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Oracle Security Service version 11.1.1.9.0

Description: The issue allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service, resulting in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. This is due to insufficient input validation, which can be exploited by a remote attacker using the HTTPS protocol.

Recommendations: For Oracle Security Service version 11.1.1.9.0, consider restricting access to the service until a patch is available, and ensure that all inputs are thoroughly validated to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-04255

CVE-2020-14530

Affected Products

Oracle Security Service

PT-2020-3863 · Oracle · Oracle Security Service

CVE-2020-14530

Weakness Enumeration

Related Identifiers

Affected Products

References · 5