Security Flaw in Oracle E-Business Suite Print Server Component
CVE-2019-2672

8.2HIGH

Key Information:

Vendor: Oracle
Status: One-to-one Fulfillment
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability has been identified in the Print Server component of Oracle E-Business Suite's One-to-One Fulfillment. This flaw allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploiting this vulnerability requires human interaction from another individual, but it poses severe risks to the security of Oracle E-Business Suite's sensitive data. Successful exploitation can lead to unauthorized access, enabling attackers to view, modify, delete, or insert data within the One-to-One Fulfillment component. This poses a significant threat not only to the affected product but to other interconnected components as well.

Affected Version(s)

One-to-One Fulfillment 12.1.1 - 12.1.3

One-to-One Fulfillment 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018