Skip to main content

Applications Framework CVE-2020-14590

LOW
2020-07-15 secalert_us@oracle.com
2.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 15, 2020 - 18:15 nvd
LOW 2.7

DescriptionNVD

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

AnalysisAI

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Affected products include: Oracle Applications Framework.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-3528 MEDIUM POC
5.4 Apr 24

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (li

CVE-2021-2200 CRITICAL
9.1 Apr 22

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Home page). Rated crit

CVE-2020-14534 HIGH
8.2 Jul 15

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). Rated high se

CVE-2020-2890 HIGH
8.2 Apr 15

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Rated hi

CVE-2019-2682 HIGH
8.2 Apr 23

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments / Fil

CVE-2018-3243 HIGH
8.2 Oct 17

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Rated high

CVE-2021-2380 HIGH
7.6 Jul 21

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upl

CVE-2020-14610 HIGH
7.6 Jul 15

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upl

CVE-2016-3447 MEDIUM
6.9 Apr 21

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2

CVE-2024-21080 MEDIUM
6.5 Apr 16

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Rated

CVE-2022-21636 MEDIUM
6.5 Oct 18

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). R

CVE-2023-22042 MEDIUM
6.1 Jul 18

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Rated me

Share

CVE-2020-14590 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy