Vulnerability in Oracle Reports Developer Component of Oracle Fusion Middleware
CVE-2019-2413

6.1MEDIUM

Key Information:

Vendor

Oracle
Status
Reports Developer
Vendor
CVE Published:
16 January 2019

What is CVE-2019-2413?

A vulnerability exists in the Oracle Reports Developer component of Oracle Fusion Middleware, affecting version 12.2.1.3. An unauthenticated attacker with network access via HTTP may exploit this vulnerability to compromise the system. Successful exploits require a user interaction, involving a person other than the attacker, which can lead to unauthorized actions such as updating, inserting, or deleting data. Additionally, it can result in unauthorized read access to certain datasets accessible by Oracle Reports Developer. Due to the nature of its impacts, it is crucial for organizations utilizing this component to assess risk and implement appropriate security measures.

References

http://www.securityfocus.com/bid/106603
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/46187/
exploitx_refsource_EXPLOIT-DB
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.