Vulnerability in Oracle AutoVue 3D Professional Advanced - Oracle Supply Chain Products Suite
CVE-2019-2575

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Autovue 3d Professional Advanced
Vendor: CVE Published:; 23 April 2019

Summary

An exploitable vulnerability exists in the Oracle AutoVue 3D Professional Advanced component of the Oracle Supply Chain Products Suite that allows unauthenticated attackers with network access via HTTP to gain unauthorized read access to sensitive accessible data. This vulnerability, located in the format handling for 2D files, affects versions 21.0.0 and 21.0.1, posing significant risks to data confidentiality.

Affected Version(s)

AutoVue 3D Professional Advanced 21.0.0

AutoVue 3D Professional Advanced 21.0.1

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018