Vulnerability in Oracle Agile PLM of Oracle Supply Chain Products Suite
CVE-2019-2817

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Agile Plm Framework
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the Oracle Agile PLM component of Oracle Supply Chain Products Suite, specifically within its Folders, Files & Attachments subcomponent. This flaw affects Oracle Agile PLM versions 9.3.3 through 9.3.6 and allows low-privileged remote attackers with network access to potentially exploit the system. Successful exploitation necessitates user interaction from a targeted individual. The consequences of this vulnerability may include unauthorized access to sensitive data, which could result in full exposure of all accessible Oracle Agile PLM data, as well as the potential to induce a partial denial of service condition.

Affected Version(s)

Agile PLM Framework 9.3.3

Agile PLM Framework 9.3.4

Agile PLM Framework 9.3.5

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018