Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-14864
HistoryOct 21, 2020 - 3:15 p.m.

CVE-2020-14864

2020-10-2115:15:00
CWE-22
[email protected]
web.nvd.nist.gov
871
In Wild
2
cve-2020-14864
oracle
business intelligence
enterprise edition
vulnerability
security
exploitable
http
network access
cvss

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.47 Medium

EPSS

Percentile

97.4%

JSON

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

VendorProductVersionCPE
oraclebusiness_intelligence*cpe:2.3:a:oracle:business_intelligence:*:*:*:*:*:*:*:*
oraclebusiness_intelligence*cpe:2.3:a:oracle:business_intelligence:*:*:*:*:*:*:*:*
oraclebusiness_intelligence*cpe:2.3:a:oracle:business_intelligence:*:*:*:*:*:*:*:*

Social References

More

Related

checkpoint_advisories 1
packetstorm 1
cisa_kev 1
prion 1
nessus 2
nuclei 1
attackerkb 1
exploitdb 1
cisa 1
oracle 1
checkpoint_advisories
checkpoint_advisories
Oracle Business Intelligence Enterprise Edition Information Disclosure (CVE-2020-14864)
2022-02-02 00:00:00
packetstorm
packetstorm
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
2020-10-28 00:00:00
cisa_kev
cisa_kev
Oracle Business Intelligence Enterprise Edition Path Transversal
2022-01-18 00:00:00
prion
prion
Design/Logic Flaw
2020-10-21 15:15:00
nessus
nessus
Oracle Business Intelligence Enterprise Edition (OAS) (Oct 2020 CPU)
2023-05-08 00:00:00
Oracle Business Intelligence Enterprise Edition (Oct 2020 CPU)
2023-02-28 00:00:00
nuclei
nuclei
Oracle Fusion - Directory Traversal/Local File Inclusion
2020-10-29 09:54:06
attackerkb
attackerkb
CVE-2020-14864
2020-10-21 00:00:00
exploitdb
exploitdb
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
2020-10-28 00:00:00
cisa
cisa
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
2022-01-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.47 Medium

EPSS

Percentile

97.4%

JSON
Related for CVE-2020-14864
checkpoint_advisories1packetstorm1cisa_kev1prion1nessus2nuclei1attackerkb1exploitdb1cisa1oracle1