CVE-2020-14728 (CNNVD-202008-1317)
中文标题:
Oracle NetSuite 安全漏洞
英文标题:
Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported ve...
漏洞描述
中文描述:
Oracle NetSuite是甲骨文(Oracle)的一个云ERP系统。 Oracle NetSuite service 存在安全漏洞,该漏洞允许低特权攻击者通过HTTP访问网络,从而破坏NetSuite SCA。成功的攻击需要攻击者以外的其他人进行人为交互,并且该漏洞位于NetSuite SCA中,但攻击可能会严重影响其他产品。对该漏洞的成功攻击可能导致未经授权的更新,插入或删除对某些NetSuite SCA可访问数据的访问以及未经授权的对NetSuite SCA数据子集的读取访问。
英文描述:
Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in NetSuite SCA, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Oracle Corporation | Oracle NetSuite service | Montblanc | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:montblanc:*:*:*:*:*:*:*
|
| Oracle Corporation | Oracle NetSuite service | Vinson | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:vinson:*:*:*:*:*:*:*
|
| Oracle Corporation | Oracle NetSuite service | Elbrus | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:elbrus:*:*:*:*:*:*:*
|
| Oracle Corporation | Oracle NetSuite service | Kilimanjaro | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:kilimanjaro:*:*:*:*:*:*:*
|
| Oracle Corporation | Oracle NetSuite service | Aconcagua | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:aconcagua:*:*:*:*:*:*:*
|
| Oracle Corporation | Oracle NetSuite service | 2018.2 | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:2018.2:*:*:*:*:*:*:*
|
| Oracle Corporation | Oracle NetSuite service | 2019.1 | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:_2019.1:*:*:*:*:*:*:*
|
| Oracle Corporation | Oracle NetSuite service | 2019.2 | - | - |
cpe:2.3:a:oracle_corporation:oracle_netsuite_service:2019.2:*:*:*:*:*:*:*
|
| oracle | suitecommerce_advanced | - | - | - |
cpe:2.3:a:oracle:suitecommerce_advanced:-:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2020-14728 |
2025-11-11 15:20:24 | 2025-11-11 07:36:04 |
| NVD | nvd_CVE-2020-14728 |
2025-11-11 14:57:02 | 2025-11-11 07:44:31 |
| CNNVD | cnnvd_CNNVD-202008-1317 |
2025-11-11 15:10:29 | 2025-11-11 07:56:24 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202008-1317
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 8 -> 9
- data_sources: ['cve'] -> ['cve', 'nvd']