ID

VAR-202007-0792


CVE

CVE-2020-14599


TITLE

Oracle E-Business Suite of Oracle CRM Gateway for Mobile Devices In Setup of Mobile Applications Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-008024

DESCRIPTION

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). The software provides functions such as customer relationship management, service management, and financial management. Attackers can use this vulnerability to access, create, delete or modify data without authorization, affecting the confidentiality and integrity of data.

Trust: 1.71

sources: NVD: CVE-2020-14599 // JVNDB: JVNDB-2020-008024 // VULHUB: VHN-167493

AFFECTED PRODUCTS

vendor: oracle
model: customer relationship management gateway for mobile devices
scope: lte
version: 12.1.3

Trust: 1.0

vendor: oracle
model: customer relationship management gateway for mobile devices
scope: gte
version: 12.1.1

Trust: 1.0

vendor: オラクル
model: oracle crm gateway for mobile devices
scope: eq
version: -

Trust: 0.8

vendor: オラクル
model: oracle e-business suite
scope: eq
version: 12.1.1 to 12.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-008024 // NVD: CVE-2020-14599

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14599
value: CRITICAL

Trust: 1.0

secalert_us@oracle.com: CVE-2020-14599
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-14599
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-924
value: CRITICAL

Trust: 0.6

VULHUB: VHN-167493
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14599
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-167493
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-14599
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-008024
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-167493 // JVNDB: JVNDB-2020-008024 // CNNVD: CNNVD-202007-924 // NVD: CVE-2020-14599 // NVD: CVE-2020-14599

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-008024 // NVD: CVE-2020-14599

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-924

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-924

PATCH

title: Oracle Critical Patch Update Advisory - July 2020 Oracle Critical Patch Update
url: https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 0.8

title: Oracle E-Business Suite CRM Gateway for Mobile Devices Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124481

Trust: 0.6

sources: JVNDB: JVNDB-2020-008024 // CNNVD: CNNVD-202007-924

EXTERNAL IDS

db: NVD, id: CVE-2020-14599

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008024

Trust: 0.8

db: CNNVD, id: CNNVD-202007-924

Trust: 0.7

db: CNVD, id: CNVD-2020-43704

Trust: 0.1

db: VULHUB, id: VHN-167493

Trust: 0.1

sources: VULHUB: VHN-167493 // JVNDB: JVNDB-2020-008024 // CNNVD: CNNVD-202007-924 // NVD: CVE-2020-14599

REFERENCES

url: https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2020-14599

Trust: 1.4

sources: VULHUB: VHN-167493 // JVNDB: JVNDB-2020-008024 // CNNVD: CNNVD-202007-924 // NVD: CVE-2020-14599

SOURCES

db: VULHUB, id: VHN-167493
db: JVNDB, id: JVNDB-2020-008024
db: CNNVD, id: CNNVD-202007-924
db: NVD, id: CVE-2020-14599

LAST UPDATE DATE

2024-11-23T22:47:57.638000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-167493, date: 2020-07-20T00:00:00
db: JVNDB, id: JVNDB-2020-008024, date: 2020-09-02T00:00:00
db: CNNVD, id: CNNVD-202007-924, date: 2020-07-21T00:00:00
db: NVD, id: CVE-2020-14599, date: 2024-11-21T05:03:39.077

SOURCES RELEASE DATE

db: VULHUB, id: VHN-167493, date: 2020-07-15T00:00:00
db: JVNDB, id: JVNDB-2020-008024, date: 2020-09-02T00:00:00
db: CNNVD, id: CNNVD-202007-924, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2020-14599, date: 2020-07-15T18:15:25.583