User Interface Vulnerability in Oracle E-Business Suite by Oracle
CVE-2019-2837

8.2HIGH

Key Information:

Vendor: Oracle
Status: Crm Technical Foundation
Vendor: CVE Published:; 23 July 2019

Summary

An exploitable vulnerability within the User Interface of the Oracle CRM Technical Foundation component in Oracle E-Business Suite poses significant risks. It allows unauthenticated attackers with network access via HTTP to manipulate the system, necessitating user interaction from an unwitting individual. This vulnerability could lead to unauthorized access to sensitive data, as well as the potential for manipulating, inserting, or deleting data within the Oracle CRM Technical Foundation. Successful exploitation may compromise the confidentiality and integrity of critical information, affecting not only the CRM component but potentially other integrated products.

Affected Version(s)

CRM Technical Foundation 12.1.3

CRM Technical Foundation 12.2.3 - 12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018