PT-2020-4446 · Oracle · Oracle Applications Manager+1
Published
2020-10-21
·
Updated
2020-10-23
·
CVE-2020-14811
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.10
Description:
The issue is related to insufficient input validation in the Oracle Applications Manager component of Oracle E-Business Suite. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager, resulting in unauthorized read access to a subset of Oracle Applications Manager accessible data.
Recommendations:
For versions 12.1.3 and 12.2.3 through 12.2.10, update to a version that includes the fix for this issue to prevent unauthorized access.
As a temporary workaround, consider restricting access to the Oracle Applications Manager component until a patch is available.
Avoid using the HTTP protocol to access Oracle Applications Manager until the issue is resolved.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Applications Manager
Oracle E-Business Suite