CVE-2020-14826

Name of the Vulnerable Software and Affected Versions: Oracle Applications Manager versions 12.1.3 and 12.2.3 through 12.2.10

Description: The issue is related to insufficient input validation in the SQL Extensions component of Oracle Applications Manager in Oracle E-Business Suite. This can be exploited by a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks may result in unauthorized read access to a subset of Oracle Applications Manager accessible data.

Recommendations: For versions 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3 through 12.2.10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SQL Extensions component until a patch is available.