Vulnerability in Oracle Forms of Oracle Fusion Middleware
CVE-2019-2886

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Forms
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in Oracle Forms within Oracle Fusion Middleware that could allow an unauthenticated attacker with network access via HTTP to compromise the application. This issue requires human interaction from a user other than the attacker, but successful exploitation may lead to unauthorized access, including the ability to read, update, insert, or delete sensitive data accessible through Oracle Forms. The vulnerability primarily affects version 12.2.1.3.0, though its impact could extend to other connected systems.

Affected Version(s)

Forms 12.2.1.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018