Oracle Argus Safety Vulnerability in Health Sciences Applications
CVE-2019-2432

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Argus Safety
Vendor: CVE Published:; 16 January 2019

What is CVE-2019-2432?

A low-privileged attacker can exploit a vulnerability in Oracle Argus Safety, impacting the application's login component. Found in versions 8.1 and 8.2, this vulnerability poses a risk of unauthorized access, manipulation, and potential exposure of sensitive data. Although the exploit is considered difficult, successful attacks could enable attackers to update, insert, or delete data, as well as gain unauthorized read access to certain datasets. This may not only affect Oracle Argus Safety but could also have serious implications for other integrated Oracle Health Sciences products.

Affected Version(s)

Argus Safety 8.1

Argus Safety 8.2

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106599

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018