CVE-2020-2750

{"id": "CVE-2020-2750", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-04-15T14:15:24.950", "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle General Ledger de Oracle E-Business Suite (componente: Account Hierarchy Manager). Las versiones compatibles que est\u00e1n afectadas son 12.1.1-12.1.3 y 12.2.3-12.2.9. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle General Ledger. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle General Ledger. CVSS 3.0 Base Score 7.5 (Impactos de la confidencialidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "lastModified": "2020-04-15T18:42:27.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:general_ledger:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AFB474F-4B10-4A3A-AC94-61B29A383211", "versionEndIncluding": "12.1.3", "versionStartIncluding": "12.1.1"}, {"criteria": "cpe:2.3:a:oracle:general_ledger:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3B020DB-3EC2-4704-910A-C979E1EDCB6F", "versionEndIncluding": "12.2.9", "versionStartIncluding": "12.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}