Oracle E-Business Suite Payment Component Vulnerability
CVE-2019-2773

5.8MEDIUM

Key Information:

Vendor: Oracle
Status: Payments
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the Oracle Payments component of the Oracle E-Business Suite, which allows unauthenticated attackers to exploit the system via HTTP. This weakens the security framework of the affected versions (12.1.1 - 12.1.3 and 12.2.3 - 12.2.8), enabling access to sensitive data within Oracle Payments. Potential exploitation could lead to unauthorized visibility of accessible payment data, severely impacting organizational confidentiality and data integrity.

Affected Version(s)

Payments 12.1.1 - 12.1.3

Payments 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018