Unauthenticated Access Vulnerability in Oracle E-Business Suite Print Server
CVE-2019-2653

8.2HIGH

Key Information:

Vendor: Oracle
Status: One-to-one Fulfillment
Vendor: CVE Published:; 23 April 2019

Summary

The Oracle E-Business Suite's Print Server component is susceptible to a vulnerability allowing unauthorized users to gain access to sensitive information. The flaw can be exploited by an attacker with network access over HTTP, requiring interaction from victims that may unwittingly facilitate the breach. Although primarily affecting Oracle One-to-One Fulfillment, this vulnerability poses broader risks, potentially compromising various owned data and allowing modifications without authorization, which may lead to severe data integrity issues.

Affected Version(s)

One-to-One Fulfillment 12.1.1

One-to-One Fulfillment 12.1.2

One-to-One Fulfillment 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018