Vulnerability in Oracle iSupplier Portal of Oracle E-Business Suite
CVE-2019-2583

8.2HIGH

Key Information:

Vendor: Oracle
Status: Isupplier Portal
Vendor: CVE Published:; 23 April 2019

Summary

A vulnerability exists in the Attachments component of the Oracle iSupplier Portal within the Oracle E-Business Suite, affecting several versions. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to breach the Oracle iSupplier Portal. Attackers may require user interaction, yet if successful, they can obtain unauthorized access to sensitive data or gain complete access to everything available through the Oracle iSupplier Portal. This vulnerability poses serious risks, enabling unauthorized updates, inserts, or deletions of accessible data.

Affected Version(s)

iSupplier Portal 12.1.3

iSupplier Portal 12.2.3

iSupplier Portal 12.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018