Vulnerability in Oracle Outside In Technology for Oracle Fusion Middleware
CVE-2019-2853

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Text
Vendor: CVE Published:; 23 July 2019

Summary

The vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware allows unauthenticated attackers with HTTP access to compromise the system. This can result in unauthorized modifications, including updates, inserts, or deletions to sensitive data, as well as unauthorized read access to specific subsets of data. Additionally, the vulnerability may enable attackers to partially disrupt service, leading to a denial of service scenario. The risk associated with this vulnerability depends on the way data is transferred to the Outside In Technology, specifically whether it originates from the network.

Affected Version(s)

Text 11.2.0.4

Text 12.1.0.2

Text 12.2.0.1

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018