Vulnerability in Oracle E-Business Suite's Partner Management Component
CVE-2019-2470

8.2HIGH

Key Information:

Vendor: Oracle
Status: Partner Management
Vendor: CVE Published:; 16 January 2019

What is CVE-2019-2470?

A vulnerability resides in the Oracle Partner Management component of Oracle E-Business Suite. It is characterized as easily exploitable, permitting an unauthenticated attacker to gain access through HTTP. Notably, successful exploitation necessitates human interaction from a third party, which raises concerns about data integrity and privacy. This vulnerability can lead to unauthorized access and manipulation of critical data within Oracle Partner Management, significantly affecting various integrated products as well. Proper remediation is essential to safeguard sensitive information.

Affected Version(s)

Partner Management 12.1.1

Partner Management 12.1.2

Partner Management 12.1.3

References

http://www.securityfocus.com/bid/106620

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018