Vulnerability in Oracle E-Business Suite's Email Center Component
CVE-2019-2492

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Email Center
Vendor: CVE Published:; 16 January 2019

What is CVE-2019-2492?

An unauthenticated access vulnerability exists in the Oracle Email Center component of Oracle E-Business Suite. This weakness affects supported versions and allows an attacker with network access via HTTP to compromise the Email Center. Notably, successful exploitation of this vulnerability requires human interaction from a user other than the attacker. Although the attack targets the Email Center, the consequences may extend to other related products, potentially allowing unauthorized updates, inserts, or deletions of data accessible through the Email Center.

Affected Version(s)

Email Center 12.1.1

Email Center 12.1.2

Email Center 12.1.3

References

http://www.securityfocus.com/bid/106620

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018