Skip to main content

Knowledge CVE-2020-2931

CRITICAL
2020-04-15 secalert_us@oracle.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 15, 2020 - 14:15 nvd
CRITICAL 9.8

DescriptionNVD

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected products include: Oracle Knowledge.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-0227 HIGH POC
7.5 May 01

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2

CVE-2019-11358 MEDIUM POC
6.1 Apr 20

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus

CVE-2020-2791 CRITICAL
9.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated critic

CVE-2017-2097 HIGH
8.8 Apr 28

Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack

CVE-2016-3476 MEDIUM
6.5 Jul 21

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect

CVE-2020-2795 MEDIUM
6.3 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2018-8032 MEDIUM
6.1 Aug 02

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/serv

CVE-2020-2932 MEDIUM
5.9 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2020-2524 MEDIUM
5.9 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Rated medium severity (CV

CVE-2020-2553 MEDIUM
4.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2016-3475 MEDIUM
4.3 Jul 21

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users

CVE-2020-2522 MEDIUM
4.3 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

Share

CVE-2020-2931 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy