ZDI-20-503: Oracle E-Business Suite Human Resources Organization Hierarchy Viewer PosServer SQL Injection Privilege Escalation Vulnerability

Reported by: John Simpson of Trend Micro Security Research
Published: Apr 16, 2020
Source: www.zerodayinitiative.com
EPSS: 0.118 (95.4th percentile)

This vulnerability allows remote attackers to escalate privileges on affected installations of Oracle E-Business Suite Human Resources. Authentication is required to exploit this vulnerability. The specific flaw exists within the Organization Hierarchy Viewer. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the SYSADMIN user.
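The advisory does not show the PosServer code, so the following PL/SQL is an added illustration of the flaw class it describes, not the vendor's code: a caller-supplied string spliced into dynamic SQL, beside the bind-variable and allow-list forms that remove the injection point. The function and table names (org_hierarchy_nodes) are hypothetical.

```sql
-- Hypothetical example only; table and function names are constructed.
-- Vulnerable pattern: the caller's string becomes part of the statement
-- text, so the caller decides what the query does, not just what it matches.
CREATE OR REPLACE FUNCTION org_node_count_unsafe (p_org_name IN VARCHAR2)
  RETURN NUMBER
IS
  l_sql   VARCHAR2(4000);
  l_count NUMBER;
BEGIN
  l_sql := 'SELECT COUNT(*) FROM org_hierarchy_nodes '
        || 'WHERE name = ''' || p_org_name || '''';
  EXECUTE IMMEDIATE l_sql INTO l_count;
  RETURN l_count;
END;
/

-- Hardened form: the value is passed as a bind variable, so it is compared
-- as data and cannot alter the statement however it is crafted.
CREATE OR REPLACE FUNCTION org_node_count_safe (p_org_name IN VARCHAR2)
  RETURN NUMBER
IS
  l_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM org_hierarchy_nodes WHERE name = :1'
    INTO l_count
    USING p_org_name;
  RETURN l_count;
END;
/

-- Where part of the statement must come from input (here a sort column,
-- which cannot be bound), check it against an allow-list and pass it
-- through DBMS_ASSERT before it touches the query text.
CREATE OR REPLACE FUNCTION org_nodes_sorted (p_sort_col IN VARCHAR2)
  RETURN SYS_REFCURSOR
IS
  l_cur SYS_REFCURSOR;
BEGIN
  IF UPPER(p_sort_col) NOT IN ('NAME', 'NODE_ID', 'DATE_FROM') THEN
    RAISE_APPLICATION_ERROR(-20001, 'Unsupported sort column');
  END IF;
  OPEN l_cur FOR
    'SELECT node_id, name FROM org_hierarchy_nodes ORDER BY '
    || DBMS_ASSERT.SIMPLE_SQL_NAME(UPPER(p_sort_col));
  RETURN l_cur;
END;
/
```

Reviewing an application's PL/SQL for EXECUTE IMMEDIATE and OPEN ... FOR statements built with || concatenation of parameters is a practical way to find the first pattern before an attacker does.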