Vulnerability in Oracle Trade Management Component of Oracle E-Business Suite
CVE-2019-2642

8.2HIGH

Key Information:

Vendor: Oracle
Status: Trade Management
Vendor: CVE Published:; 23 April 2019

Summary

An unauthenticated access vulnerability exists in the Oracle Trade Management component of the Oracle E-Business Suite. This vulnerability can be exploited by attackers with network access via HTTP, allowing them to compromise Oracle Trade Management. Although exploitation requires user interaction from a person other than the attacker, successful exploitation can lead to unauthorized access to critical data and manipulation of Oracle Trade Management data, which may significantly impact other products within the suite.

Affected Version(s)

Trade Management 12.1.1

Trade Management 12.1.2

Trade Management 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018