CVE-2020-14746

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.10

Description: The issue is related to insufficient input validation in a component of the Oracle Applications Framework. This can be exploited by a remote attacker to gain access to modify, add, or delete data using the HTTP protocol. Successful attacks may require human interaction and can significantly impact additional products, resulting in unauthorized access to some data.

Recommendations: For versions 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3 through 12.2.10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable component of the Oracle Applications Framework to minimize the risk of exploitation.