Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistOracleCVELIST:CVE-2020-14864
HistoryOct 21, 2020 - 2:04 p.m.

CVE-2020-14864

2020-10-2114:04:29
oracle
www.cve.org
7
oracle fusion middleware
installation
cve-2020-14864
http
unauthorized access
critical data

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.574

Percentile

97.8%

JSON

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CNA Affected

[
  {
    "product": "Business Intelligence Enterprise Edition",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.5.0.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      }
    ]
  }
]

Related

checkpoint_advisories 1
packetstorm 1
cisa_kev 1
nuclei 1
nessus 2
nvd 1
attackerkb 1
prion 1
exploitdb 1
cve 1
cisa 1
oracle 1
checkpoint_advisories
checkpoint_advisories
Oracle Business Intelligence Enterprise Edition Information Disclosure (CVE-2020-14864)
2022-02-02 00:00:00
packetstorm
packetstorm
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
2020-10-28 00:00:00
cisa_kev
cisa_kev
Oracle Business Intelligence Enterprise Edition Path Transversal
2022-01-18 00:00:00
nuclei
nuclei
Oracle Fusion - Directory Traversal/Local File Inclusion
2020-10-29 09:54:06
nessus
nessus
Oracle Business Intelligence Enterprise Edition (OAS) (Oct 2020 CPU)
2023-05-08 00:00:00
Oracle Business Intelligence Enterprise Edition (Oct 2020 CPU)
2023-02-28 00:00:00
nvd
nvd
CVE-2020-14864
2020-10-21 15:15:24
attackerkb
attackerkb
CVE-2020-14864
2020-10-21 00:00:00
prion
prion
Design/Logic Flaw
2020-10-21 15:15:00
exploitdb
exploitdb
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
2020-10-28 00:00:00
cve
cve
CVE-2020-14864
2020-10-21 15:15:24
cisa
cisa
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
2022-01-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.574

Percentile

97.8%

JSON
Related for CVELIST:CVE-2020-14864
checkpoint_advisories1packetstorm1cisa_kev1nuclei1nessus2nvd1attackerkb1prion1exploitdb1cve1cisa1oracle1