CVE-2020-14900

Name of the Vulnerable Software and Affected Versions: Oracle Application Express Group Calendar versions prior to 20.2

Description: The issue exists due to insufficient input validation in the Oracle Application Express Group Calendar component of Oracle Database Server. This allows a remote attacker with a valid user account and network access via HTTP to compromise the component, potentially impacting the confidentiality and integrity of protected information. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products, resulting in unauthorized access to some data.

Recommendations: For versions prior to 20.2, update to version 20.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Oracle Application Express Group Calendar component until a patch is available. Additionally, restrict network access via HTTP to minimize the risk of exploitation.