ID

VAR-202007-0428


CVE

CVE-2020-14598


TITLE

Oracle E-Business Suite of Oracle CRM Gateway for Mobile Devices In Setup of Mobile Applications Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-008023

DESCRIPTION

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). The software provides functions such as customer relationship management, service management, and financial management. Attackers can use this vulnerability to access, create, delete or modify data without authorization, affecting the confidentiality and integrity of data.

Trust: 1.71

sources: NVD: CVE-2020-14598 // JVNDB: JVNDB-2020-008023 // VULHUB: VHN-167492

AFFECTED PRODUCTS

vendor: oracle, model: customer relationship management gateway for mobile devices, scope: lte, version: 12.1.3

Trust: 1.0

vendor: oracle, model: customer relationship management gateway for mobile devices, scope: gte, version: 12.1.1

Trust: 1.0

vendor: オラクル, model: oracle crm gateway for mobile devices, scope: eq, version: -

Trust: 0.8

vendor: オラクル, model: oracle e-business suite, scope: eq, version: 12.1.1 to 12.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-008023 // NVD: CVE-2020-14598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14598
value: CRITICAL

Trust: 1.0

secalert_us@oracle.com: CVE-2020-14598
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-14598
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-925
value: CRITICAL

Trust: 0.6

VULHUB: VHN-167492
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14598
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-167492
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-14598
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-008023
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-167492 // JVNDB: JVNDB-2020-008023 // CNNVD: CNNVD-202007-925 // NVD: CVE-2020-14598 // NVD: CVE-2020-14598

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-008023 // NVD: CVE-2020-14598

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-925

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-925

PATCH

title: Oracle Critical Patch Update Advisory - July 2020 Oracle Critical Patch Update, url: https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 0.8

title: Oracle E-Business Suite CRM Gateway for Mobile Devices Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123973

Trust: 0.6

sources: JVNDB: JVNDB-2020-008023 // CNNVD: CNNVD-202007-925

EXTERNAL IDS

db: NVD, id: CVE-2020-14598

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008023

Trust: 0.8

db: CNNVD, id: CNNVD-202007-925

Trust: 0.7

db: CNVD, id: CNVD-2020-44278

Trust: 0.1

db: VULHUB, id: VHN-167492

Trust: 0.1

sources: VULHUB: VHN-167492 // JVNDB: JVNDB-2020-008023 // CNNVD: CNNVD-202007-925 // NVD: CVE-2020-14598

REFERENCES

url: https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-14598

Trust: 1.4

sources: VULHUB: VHN-167492 // JVNDB: JVNDB-2020-008023 // CNNVD: CNNVD-202007-925 // NVD: CVE-2020-14598

SOURCES

db: VULHUB, id: VHN-167492
db: JVNDB, id: JVNDB-2020-008023
db: CNNVD, id: CNNVD-202007-925
db: NVD, id: CVE-2020-14598

LAST UPDATE DATE

2024-11-23T22:21:05.651000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-167492, date: 2020-07-20T00:00:00
db: JVNDB, id: JVNDB-2020-008023, date: 2020-09-02T00:00:00
db: CNNVD, id: CNNVD-202007-925, date: 2020-07-21T00:00:00
db: NVD, id: CVE-2020-14598, date: 2024-11-21T05:03:38.937

SOURCES RELEASE DATE

db: VULHUB, id: VHN-167492, date: 2020-07-15T00:00:00
db: JVNDB, id: JVNDB-2020-008023, date: 2020-09-02T00:00:00
db: CNNVD, id: CNNVD-202007-925, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2020-14598, date: 2020-07-15T18:15:25.490