File Transmission Vulnerability in Oracle E-Business Suite
CVE-2019-2775

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Payments
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the Oracle Payments component of the Oracle E-Business Suite that allows an unauthenticated attacker with network access via HTTP to exploit it. This issue can lead to unauthorized creation, deletion, or modification of crucial data within Oracle Payments, potentially allowing attackers to disrupt service significantly or access sensitive data. Supported versions affected include 12.1.1 through 12.1.3 and 12.2.3 through 12.2.8.

Affected Version(s)

Payments 12.1.1 - 12.1.3

Payments 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018