Vulnerability in Oracle E-Business Suite’s Print Server Component
CVE-2019-2666

8.2HIGH

Key Information:

Vendor: Oracle
Status: One-to-one Fulfillment
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists within the Print Server component of Oracle E-Business Suite that allows an unauthenticated attacker with network access via HTTP to exploit the system. While the vulnerability specifically targets the Oracle One-to-One Fulfillment functionality, a successful attack requires interaction from a user other than the attacker. This flaw can lead to unauthorized access to sensitive data as well as the potential for unauthorized modifications such as updates or deletions of data within the Oracle One-to-One Fulfillment environment. The vulnerability's implications may extend to additional Oracle products, emphasizing the need for urgent remedial action.

Affected Version(s)

One-to-One Fulfillment 12.1.1 - 12.1.3

One-to-One Fulfillment 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018