CVE-2020-14533

Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions prior to 11.3.1 Oracle Commerce Platform version 11.1 Oracle Commerce Platform version 11.2

Description: The issue is related to insufficient input validation in the Dynamo Application Framework component of the Oracle Commerce Platform. This allows a remote attacker with high privileges and network access via HTTP to compromise the platform. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized update, insert, or delete access to some of the platform's accessible data, as well as unauthorized read access to a subset of the platform's accessible data.

Recommendations: For Oracle Commerce Platform versions prior to 11.3.1, update to version 11.3.1 or later to resolve the issue. For Oracle Commerce Platform version 11.1, update to version 11.3.1 or later to resolve the issue. For Oracle Commerce Platform version 11.2, update to version 11.3.1 or later to resolve the issue.