Lucene search

[email protected]CVE-2020-14565

HistoryJul 15, 2020 - 6:15 p.m.

CVE-2020-14565

2020-07-1518:15:22

[email protected]

web.nvd.nist.gov

oracle

unified directory

fusion middleware

cve-2020-14565

security

vulnerability

cvss

nvd

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Unified Directory. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Unified Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Unified Directory accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Unified Directory. CVSS 3.1 Base Score 8.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H).

Affected configurations

Vulners

NVD

Node

oracleunified_directoryRange≤11.1.2.3.0

oracleunified_directoryRange≤12.2.1.3.0

oracleunified_directoryRange≤12.2.1.4.0

VendorProductVersionCPE
oracleunified_directory*cpe:2.3:a:oracle:unified_directory:*:*:*:*:*:*:*:*
oracleunified_directory*cpe:2.3:a:oracle:unified_directory:*:*:*:*:*:*:*:*
oracleunified_directory*cpe:2.3:a:oracle:unified_directory:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	unified_directory	*	cpe:2.3:a:oracle:unified_directory::::::::
oracle	unified_directory	*	cpe:2.3:a:oracle:unified_directory::::::::
oracle	unified_directory	*	cpe:2.3:a:oracle:unified_directory::::::::

CNA Affected

[
  {
    "product": "Unified Directory",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.2.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      }
    ]
  }
]

References

www.oracle.com/security-alerts/cpujul2020.html

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for CVE-2020-14565

cvelist1 nvd1 prion1 oracle1