Unauthorized Access Vulnerability in Oracle Business Process Management Suite by Oracle
CVE-2019-2706

8.2HIGH

Key Information:

Vendor: Oracle
Status: Business Process Management Suite
Vendor: CVE Published:; 23 April 2019

What is CVE-2019-2706?

This vulnerability within the Oracle Business Process Management Suite allows an unauthenticated attacker to exploit the BPM Foundation Services via HTTP. By requiring human interaction from another party, the attacker can compromise sensitive data. Successful exploitation may lead to unauthorized access and manipulation, including updates, inserts, or deletions of crucial information within the accessible datasets of the Oracle Business Process Management Suite.

Affected Version(s)

Business Process Management Suite 11.1.1.9.0

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

http://www.securityfocus.com/bid/107931

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018