Unauthenticated Access Vulnerability in Oracle E-Business Suite's Partner Management Component
CVE-2019-2498

8.2HIGH

Key Information:

Vendor: Oracle
Status: Partner Management
Vendor: CVE Published:; 16 January 2019

Summary

The vulnerability within the Oracle Partner Management component of the Oracle E-Business Suite allows an unauthenticated attacker with network access via HTTP to exploit the system. This vulnerability requires human interaction from an individual other than the attacker, making it particularly concerning. While primarily affecting the Partner Management component, successful exploitation can lead to unauthorized access to sensitive data, including the ability to insert, update, or delete critical information within Oracle Partner Management. Given the nature of these attacks, the potential for significant ramifications on related products raises serious concerns regarding data confidentiality and integrity.

Affected Version(s)

Partner Management 12.1.1

Partner Management 12.1.2

Partner Management 12.1.3

References

http://www.securityfocus.com/bid/106620

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018