Unauthenticated File Upload Vulnerability in Oracle E-Business Suite
CVE-2019-2682

8.2HIGH

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 23 April 2019

Summary

This vulnerability pertains to the Oracle Applications Framework component of Oracle E-Business Suite, specifically in the Attachments/File Upload subcomponent. It allows for unauthenticated attackers to compromise the framework when they have network access via HTTP. Successful exploitation can lead to unauthorized access to sensitive data, enabling adversaries to execute file uploads that could update, insert, or delete data within the Oracle Applications Framework. The exploitation process necessitates human interaction from a user other than the attacker. This opens the door for significant repercussions on related products due to the interconnected nature of the Oracle E-Business Suite.

Affected Version(s)

Applications Framework 12.1.3

Applications Framework 12.2.3

Applications Framework 12.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018