ID

VAR-202004-1099


CVE

CVE-2020-2838


TITLE

Vulnerability in Setup of Mobile Applications of Oracle CRM Gateway for Mobile Devices in Oracle E-Business Suite

Trust: 0.8

sources: JVNDB: JVNDB-2020-004191

DESCRIPTION

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. While the vulnerability is in Oracle CRM Gateway for Mobile Devices, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.0 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). The software provides functions such as customer relationship management, service management, and financial management.

Trust: 1.71

sources: NVD: CVE-2020-2838 // JVNDB: JVNDB-2020-004191 // VULHUB: VHN-180963

AFFECTED PRODUCTS

vendor: oracle, model: customer relationship management gateway for mobile devices, scope: lte, version: 12.1.3

Trust: 1.0

vendor: oracle, model: customer relationship management gateway for mobile devices, scope: gte, version: 12.1.1

Trust: 1.0

vendor: oracle, model: crm gateway for mobile devices, scope: -, version: -

Trust: 0.8

vendor: oracle, model: e-business suite, scope: eq, version: 12.1.1 to 12.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-004191 // NVD: CVE-2020-2838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-2838
value: HIGH

Trust: 1.0

secalert_us@oracle.com: CVE-2020-2838
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004191
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1062
value: HIGH

Trust: 0.6

VULHUB: VHN-180963
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-2838
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004191
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-180963
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-2838
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

secalert_us@oracle.com: CVE-2020-2838
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004191
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-180963 // JVNDB: JVNDB-2020-004191 // CNNVD: CNNVD-202004-1062 // NVD: CVE-2020-2838 // NVD: CVE-2020-2838

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-200

Trust: 0.1

sources: VULHUB: VHN-180963 // NVD: CVE-2020-2838

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1062

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-1062

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004191

PATCH

title: Oracle Critical Patch Update Advisory - April 2020, url: https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - April 2020 Risk Matrices, url: https://www.oracle.com/security-alerts/cpuapr2020verbose.html

Trust: 0.8

title: Oracle E-Business Suite CRM Gateway for Mobile Devices Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116006

Trust: 0.6

sources: JVNDB: JVNDB-2020-004191 // CNNVD: CNNVD-202004-1062

EXTERNAL IDS

db: NVD, id: CVE-2020-2838

Trust: 2.5

db: JVNDB, id: JVNDB-2020-004191

Trust: 0.8

db: CNNVD, id: CNNVD-202004-1062

Trust: 0.7

db: NSFOCUS, id: 46466

Trust: 0.6

db: CNVD, id: CNVD-2020-38208

Trust: 0.1

db: VULHUB, id: VHN-180963

Trust: 0.1

sources: VULHUB: VHN-180963 // JVNDB: JVNDB-2020-004191 // CNNVD: CNNVD-202004-1062 // NVD: CVE-2020-2838

REFERENCES

url: https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 2.3

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-2838

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2020-2838

Trust: 0.8

url: http://www.nsfocus.net/vulndb/46466

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-2838

Trust: 0.6

sources: VULHUB: VHN-180963 // JVNDB: JVNDB-2020-004191 // CNNVD: CNNVD-202004-1062 // NVD: CVE-2020-2838

SOURCES

db: VULHUB, id: VHN-180963
db: JVNDB, id: JVNDB-2020-004191
db: CNNVD, id: CNNVD-202004-1062
db: NVD, id: CVE-2020-2838

LAST UPDATE DATE

2024-11-23T22:58:18.862000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-180963, date: 2021-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-004191, date: 2020-05-08T00:00:00
db: CNNVD, id: CNNVD-202004-1062, date: 2021-07-26T00:00:00
db: NVD, id: CVE-2020-2838, date: 2024-11-21T05:26:24.843

SOURCES RELEASE DATE

db: VULHUB, id: VHN-180963, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-004191, date: 2020-05-08T00:00:00
db: CNNVD, id: CNNVD-202004-1062, date: 2020-04-14T00:00:00
db: NVD, id: CVE-2020-2838, date: 2020-04-15T14:15:30.420