Unauthenticated Access Vulnerability in Oracle Field Service by Oracle
CVE-2019-2930

4.7MEDIUM

Key Information:

Vendor: Oracle
Status: Field Service
Vendor: CVE Published:; 16 October 2019

Summary

This vulnerability exists in Oracle Field Service, part of the Oracle E-Business Suite, enabling an unauthenticated attacker with network access through HTTP to exploit the system. The attack requires human interaction from a user other than the attacker, potentially leading to unauthorized updates, inserts, or deletions of sensitive data within Oracle Field Service. While the primary focus is on this component, successful exploitation could affect additional integrated products.

Affected Version(s)

Field Service 12.1.1-12.1.3

Field Service 12.2.3-12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018