Skip to main content

Knowledge CVE-2020-2932

MEDIUM
2020-04-15 secalert_us@oracle.com
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 15, 2020 - 14:15 nvd
MEDIUM 5.9

DescriptionNVD

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

AnalysisAI

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Knowledge. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Affected products include: Oracle Knowledge.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-0227 HIGH POC
7.5 May 01

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2

CVE-2019-11358 MEDIUM POC
6.1 Apr 20

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus

CVE-2020-2931 CRITICAL
9.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Rated crit

CVE-2020-2791 CRITICAL
9.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated critic

CVE-2017-2097 HIGH
8.8 Apr 28

Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack

CVE-2016-3476 MEDIUM
6.5 Jul 21

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect

CVE-2020-2795 MEDIUM
6.3 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2018-8032 MEDIUM
6.1 Aug 02

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/serv

CVE-2020-2524 MEDIUM
5.9 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Rated medium severity (CV

CVE-2020-2553 MEDIUM
4.8 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

CVE-2016-3475 MEDIUM
4.3 Jul 21

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users

CVE-2020-2522 MEDIUM
4.3 Apr 15

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Rated medium

Share

CVE-2020-2932 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy