PT-2020-3868 · Oracle · Oracle Commerce Service Center

Ted · Published 2020-07-15 · Updated 2020-07-20 · CVE-2020-14535

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Oracle Commerce Service Center versions 11.1, 11.2 and prior to 11.3.1
Description: The issue exists due to insufficient input validation in the Commerce Service Center module of the Oracle Commerce platform. This allows a remote attacker to gain unauthorized access to modify, add, or delete data, or access protected information via the HTTP protocol. The vulnerability can be exploited by an unauthenticated attacker with network access, potentially resulting in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all accessible data in the Oracle Commerce Service Center.
Recommendations: For versions 11.1 and 11.2, update to a version later than 11.3.1 to resolve the issue. For versions prior to 11.3.1, update to version 11.3.1 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the Commerce Service Center module until a patch is available.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2020-04260
CVE-2020-14535

Affected Products

Oracle Commerce Service Center