CVE-2020-2931Oracle Knowledge vulnerability

4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.9%
top 16.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle KnowledgeOracle Corporation Knowledge
Timeline
PublishedApr 15
Latest updateMay 24

Description

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDoracle/knowledge8.6.08.6.3
CVEListV5oracle_corporation/knowledge8.6.0-8.6.3

🔴Vulnerability Details

2
GHSA
GHSA-4h43-v6pq-58m2: Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter)2022-05-24
CVEList
CVE-2020-2931: Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter)2020-04-15

📋Vendor Advisories

1
Oracle
Oracle Oracle Knowledge Risk Matrix: Web Applications - InfoCenter — CVE-2020-29312020-04-15
CVE-2020-2931 — Oracle Knowledge vulnerability | cvebase