Skip to main content

Configuration Manager CVE-2020-2984

HIGH
2020-07-15 secalert_us@oracle.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 15, 2020 - 18:15 nvd
HIGH 7.1

DescriptionNVD

Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configuration Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).

AnalysisAI

Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configuration Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). Affected products include: Oracle Configuration Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-5645 CRITICAL POC
9.8 Apr 17

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events

CVE-2016-2381 HIGH
7.5 Apr 08

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate e

CVE-2019-6957 CRITICAL
9.8 May 29

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DI

CVE-2019-6958 CRITICAL
9.1 May 29

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DI

CVE-2020-10878 HIGH
8.6 Jun 05

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. Rated h

CVE-2020-10543 HIGH
8.2 Jun 05

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers

CVE-2022-35415 HIGH
7.8 Sep 16

An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially e

CVE-2020-12723 HIGH
7.5 Jun 05

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_c

CVE-2023-35867 MEDIUM
5.9 Dec 18

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthe

CVE-2025-5781 MEDIUM
5.2 Feb 25

Configuration Manager versions up to 11.0.5-00 is affected by insertion of sensitive information into log file (CVSS 5.2

CVE-2025-0976 MEDIUM
4.7 Feb 25

Configuration Manager versions up to 11.0.4-00 is affected by insertion of sensitive information into log file (CVSS 4.7

Share

CVE-2020-2984 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy