CVE-2020-2795
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/04/2020
Last modified:
16/04/2020
Description
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Knowledge executes to compromise Oracle Knowledge. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Knowledge. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
6.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* | 8.6.0 (including) | 8.6.2 (including) |
To consult the complete list of CPE names with products and versions, see this page