Vulnerability in Oracle Reports Developer Component of Oracle Fusion Middleware
CVE-2019-2413

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Reports Developer
Vendor
CVE Published:
16 January 2019

Summary

A vulnerability exists in the Oracle Reports Developer component of Oracle Fusion Middleware, affecting version 12.2.1.3. An unauthenticated attacker with network access via HTTP may exploit this vulnerability to compromise the system. Successful exploits require a user interaction, involving a person other than the attacker, which can lead to unauthorized actions such as updating, inserting, or deleting data. Additionally, it can result in unauthorized read access to certain datasets accessible by Oracle Reports Developer. Due to the nature of its impacts, it is crucial for organizations utilizing this component to assess risk and implement appropriate security measures.

References

http://www.securityfocus.com/bid/106603
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/46187/
exploitx_refsource_EXPLOIT-DB
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.