Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveOracleCVE-2020-14864
HistoryOct 21, 2020 - 3:15 p.m.

CVE-2020-14864

2020-10-2115:15:24
CWE-22
oracle
web.nvd.nist.gov
884
In Wild
2
cve-2020-14864
oracle
business intelligence
enterprise edition
vulnerability
security
exploitable
http
network access
cvss

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7

Confidence

High

EPSS

0.574

Percentile

97.8%

JSON

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected configurations

Nvd
Vulners
Node
oraclebusiness_intelligenceMatch5.5.0.0.0enterprise
OR
oraclebusiness_intelligenceMatch12.2.1.3.0enterprise
OR
oraclebusiness_intelligenceMatch12.2.1.4.0enterprise
VendorProductVersionCPE
oraclebusiness_intelligence5.5.0.0.0cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
oraclebusiness_intelligence12.2.1.3.0cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
oraclebusiness_intelligence12.2.1.4.0cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*

CNA Affected

[
  {
    "product": "Business Intelligence Enterprise Edition",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "5.5.0.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      }
    ]
  }
]

Social References

More

Related

checkpoint_advisories 1
packetstorm 1
cisa_kev 1
nessus 2
nuclei 1
attackerkb 1
nvd 1
prion 1
cvelist 1
exploitdb 1
cisa 1
oracle 1
checkpoint_advisories
checkpoint_advisories
Oracle Business Intelligence Enterprise Edition Information Disclosure (CVE-2020-14864)
2022-02-02 00:00:00
packetstorm
packetstorm
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
2020-10-28 00:00:00
cisa_kev
cisa_kev
Oracle Business Intelligence Enterprise Edition Path Transversal
2022-01-18 00:00:00
nessus
nessus
Oracle Business Intelligence Enterprise Edition (OAS) (Oct 2020 CPU)
2023-05-08 00:00:00
Oracle Business Intelligence Enterprise Edition (Oct 2020 CPU)
2023-02-28 00:00:00
nuclei
nuclei
Oracle Fusion - Directory Traversal/Local File Inclusion
2020-10-29 09:54:06
attackerkb
attackerkb
CVE-2020-14864
2020-10-21 00:00:00
nvd
nvd
CVE-2020-14864
2020-10-21 15:15:24
prion
prion
Design/Logic Flaw
2020-10-21 15:15:00
cvelist
cvelist
CVE-2020-14864
2020-10-21 14:04:29
exploitdb
exploitdb
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
2020-10-28 00:00:00
cisa
cisa
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
2022-01-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7

Confidence

High

EPSS

0.574

Percentile

97.8%

JSON
Related for CVE-2020-14864
checkpoint_advisories1packetstorm1cisa_kev1nessus2nuclei1attackerkb1nvd1prion1cvelist1exploitdb1cisa1oracle1