Vulnerability in Oracle E-Business Suite's CRM User Management Framework
CVE-2019-2665

8.2HIGH

Key Information:

Vendor: Oracle
Status: Common Applications
Vendor: CVE Published:; 23 April 2019

Summary

A security flaw in the Oracle Common Applications component of Oracle E-Business Suite allows an unauthenticated attacker with network access via HTTP to compromise the CRM User Management Framework. This vulnerability requires human interaction from a user other than the attacker, presenting specific risks to valuable information. Exploitation can lead to unauthorized access to sensitive data and may permit attackers to perform unauthorized updates, insertions, or deletions of accessible data. Despite being contained within Oracle Common Applications, successful attacks can have far-reaching implications on other interconnected products.

Affected Version(s)

Common Applications 12.1.3

Common Applications 12.2.3

Common Applications 12.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018