Security Flaw in Oracle E-Business Suite Email Center Component
CVE-2019-2651

8.2HIGH

Key Information:

Vendor: Oracle
Status: Email Center
Vendor: CVE Published:; 23 April 2019

Summary

A security flaw in the Oracle Email Center component of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTP to compromise the Email Center. This vulnerability requires human interaction from a user other than the attacker for successful exploitation. While the primary issue resides in the Email Center, the impact can cascade to other related products, potentially leading to unauthorized access to sensitive data. Attackers could gain elevated privileges, enabling them to perform unauthorized updates, inserts, or deletions of data within the Email Center. Organizations using affected versions are urged to apply the necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Email Center 12.1.1

Email Center 12.1.2

Email Center 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018