CVE-2020-14895

Name of the Vulnerable Software and Affected Versions: Oracle Utilities Framework versions 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 through 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0

Description: The issue is related to insufficient access control in the Oracle Utilities Framework, allowing a remote attacker with low privileges and network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to modify, add, or delete data, as well as unauthorized read access to a subset of the data.

Recommendations: For versions 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0 through 4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Oracle Utilities Framework via HTTP to minimize the risk of exploitation. Restrict low-privileged attackers' access to the system to prevent unauthorized data modification or access.