Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-14876

Опубликовано: 21 окт. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 8.5
CVSS3: 9.1

Описание

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

not-affected

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

not-affected

Показывать по

РелизСтатусПримечание
bionic

not-affected

devel

DNE

esm-apps/bionic

not-affected

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

not-affected

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

not-affected

esm-apps/focal

not-affected

esm-infra-legacy/trusty

DNE

focal

not-affected

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

not-affected

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

upstream

not-affected

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

ignored

esm-infra/focal

DNE

focal

DNE

precise/esm

ignored

trusty

ignored

end of standard support
trusty/esm

ignored

upstream

not-affected

vivid

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

upstream

not-affected

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

not-affected

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

esm-infra/focal

DNE

esm-infra/xenial

not-affected

focal

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

not-affected

esm-infra-legacy/trusty

DNE

esm-infra/focal

not-affected

focal

not-affected

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

not-affected

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

not-affected

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

not-affected

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

upstream

not-affected

xenial

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

not-affected

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

upstream

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 83%
0.02024
Низкий

8.5 High

CVSS2

9.1 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-14876

CVSS3: 9.1
nvd
больше 5 лет назад

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

debian логотип

CVE-2020-14876

CVSS3: 9.1
debian
больше 5 лет назад

Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...

github логотип

GHSA-h335-qq9x-f322

github
больше 3 лет назад

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

fstec логотип

BDU:2020-04961

CVSS3: 9.1
fstec
больше 5 лет назад

Уязвимость компонента User Interface приложения Oracle Trade Management системы автоматизации деятельности предприятия Oracle E-Business Suite, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

EPSS

Процентиль: 83%
0.02024
Низкий

8.5 High

CVSS2

9.1 Critical

CVSS3

Уязвимость CVE-2020-14876