Unauthenticated Access Vulnerability in Oracle E-Business Suite
CVE-2019-2655

8.2HIGH

Key Information:

Vendor: Oracle
Status: Interaction Center Intelligence
Vendor: CVE Published:; 23 April 2019

Summary

A vulnerability exists in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite, affecting versions 12.1.1, 12.1.2, and 12.1.3. This vulnerability enables unauthenticated attackers with network access via HTTP to compromise the system. While successful exploitation requires human interaction from a third party, the severity of potential impacts involves the unauthorized access to sensitive data and the capability to manipulate data (insert, update, delete) within the Oracle Interaction Center Intelligence. Organizations utilizing these versions should take immediate precautions to safeguard their data.

Affected Version(s)

Interaction Center Intelligence 12.1.1

Interaction Center Intelligence 12.1.2

Interaction Center Intelligence 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018