CVE-2020-14857

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10

Description: The issue is related to insufficient input validation in the User Interface component of the Oracle Trade Management product. This can be exploited by a remote attacker to gain unauthorized access to sensitive information or to modify, add, or delete data using the HTTP protocol. The attack requires some interaction from a person other than the attacker and can have significant impacts on additional products beyond Oracle Trade Management.

Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the User Interface component of Oracle Trade Management until a patch is available.