Vulnerability in Oracle E-Business Suite Knowledge Management Component
CVE-2019-2660

8.2HIGH

Key Information:

Vendor: Oracle
Status: Knowledge Management
Vendor: CVE Published:; 23 April 2019

Summary

A security vulnerability exists in the Oracle Knowledge Management component of the Oracle E-Business Suite. This flaw allows an unauthenticated attacker with network access via HTTP to potentially compromise the Knowledge Management system. While the attacks require human interaction from another individual, they can lead to severe repercussions, including unauthorized access to sensitive data. Furthermore, the successful exploitation may allow attackers to update, insert, or delete data within Oracle Knowledge Management, thereby affecting the integrity and confidentiality of the data stored in the system.

Affected Version(s)

Knowledge Management 12.1.1

Knowledge Management 12.1.2

Knowledge Management 12.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018