Oracle Applications Framework up to 12.1.3/12.2.10 Popup windows

Summaryinfo

A vulnerability has been found in Oracle Applications Framework up to 12.1.3/12.2.10 and classified as critical. The affected element is an unknown function of the component Popup windows. The manipulation leads to an unknown weakness. This vulnerability is listed as CVE-2020-14746. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Oracle Applications Framework up to 12.1.3/12.2.10 and classified as critical. This issue affects an unknown part of the component Popup windows. Impacted is integrity.

The weakness was presented 10/20/2020 as Oracle Critical Patch Update Advisory - October 2020. It is possible to read the advisory at oracle.com. The identification of this vulnerability is CVE-2020-14746. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• Oracle

Name

• Applications Framework

Version

• 12.1.0
• 12.1.1
• 12.1.2
• 12.1.3
• 12.2.0
• 12.2.1
• 12.2.2
• 12.2.3
• 12.2.4
• 12.2.5
• 12.2.6
• 12.2.7
• 12.2.8
• 12.2.9
• 12.2.10

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion