Vulnerability in Oracle iRecruitment Component of Oracle E-Business Suite
CVE-2019-2809

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Irecruitment
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the Oracle iRecruitment component of the Oracle E-Business Suite, specifically within the Password Reset functionality. This issue allows an unauthenticated attacker with network access via HTTP to manipulate the service. Successful exploitation can lead to unauthorized actions that may partially disrupt the availability of Oracle iRecruitment services, thus posing a significant risk to organizational operations.

Affected Version(s)

iRecruitment 12.1.1 - 12.1.3

iRecruitment 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018