Vulnerability in Oracle iStore Affecting Oracle E-Business Suite
CVE-2019-2483

8.2HIGH

Key Information:

Vendor: Oracle
Status: Oracle Istore
Vendor: CVE Published:; 24 December 2024

Summary

The vulnerability within Oracle iStore, part of the Oracle E-Business Suite, poses a significant risk by allowing unauthenticated attackers with network access via HTTP to compromise the system. The vulnerability can be exploited through user interaction with a malicious link or scripted payload, requiring engagement from a targeted individual. While it primarily affects Oracle iStore, successful exploitation can lead to unauthorized access to critical data files and manipulation of accessible Oracle iStore data. Affected versions include 12.1.1 through 12.2.8, highlighting the urgent need for security updates to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Oracle iStore 12.1.1

Oracle iStore 12.1.2

Oracle iStore 12.1.3

References

https://www.oracle.com/security-alerts/cpujan2019-5072801...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 24, 2024
Vulnerability Reserved
Dec 14, 2018

Collectors

NVD DatabaseMitre Database