admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2020-14864

Browse Source
This commit is contained in:
tardc 2020-12-03 20:16:14 +08:00
parent 8404374790
commit 3921bf1f15
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
BusinessIntelligence/CVE-2020-14864/CVE-2020-14864.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 226 KiB

11
BusinessIntelligence/CVE-2020-14864/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2020-14864 Oracle Application Server File Read
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
**Affected version**: business_intelligence 5.5.0.0.0, 12.2.1.3.0, 12.2.1.4.0
**[FOFA](https://fofa.so/result?q=app%3D%22Oracle-Application-Server%22&qbase64=YXBwPSJPcmFjbGUtQXBwbGljYXRpb24tU2VydmVyIg%3D%3D&file=&file=) query rule**: app="Oracle-Application-Server"
# Demo
![](CVE-2020-14864.gif)