Security Vulnerability in Oracle Transportation Management by Oracle
CVE-2019-2709

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Transportation Management
Vendor: CVE Published:; 23 April 2019

Summary

A vulnerability exists in the Oracle Transportation Management component of Oracle Supply Chain Products Suite that allows an unauthenticated attacker with network access via HTTP to compromise the system. It is especially concerning as attacks can only be initiated with human interaction from a user not associated with the attacker. While the vulnerability is specific to Oracle Transportation Management, it may lead to unauthorized updates, inserts, or deletions of accessible data and unauthorized read access to certain data sets within the system. This could significantly compromise the integrity and confidentiality of data managed by the affected component.

Affected Version(s)

Transportation Management 6.3.7

Transportation Management 6.4.2

Transportation Management 6.4.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Dec 14, 2018