File Upload Vulnerability in Oracle E-Business Suite by Oracle
CVE-2019-2761

3.7LOW

Key Information:

Vendor
Oracle
Status
Application Object Library
Vendor
CVE Published:
23 July 2019

Summary

A vulnerability exists in the Oracle E-Business Suite, specifically within the Oracle Application Object Library component, that allows unauthenticated network attackers to exploit file upload functionalities. This vulnerability can lead to unauthorized read access to sensitive data within the Oracle Application Object Library. Affected versions include 12.1.3 and 12.2.3 through 12.2.8. Organizations using these versions should take necessary precautions to mitigate potential risks.

Affected Version(s)

Application Object Library 12.1.3

Application Object Library 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_MISC

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.