User Interface Vulnerability in Oracle E-Business Suite Advanced Outbound Telephony
CVE-2019-2942

8.2HIGH

Key Information:

Vendor: Oracle
Status: Advanced Outbound Telephony
Vendor: CVE Published:; 16 October 2019

Summary

The vulnerability in Oracle Advanced Outbound Telephony within the Oracle E-Business Suite is characterized by the potential for an unauthenticated attacker with network access via HTTP to exploit it. This vulnerability requires interaction from a person other than the attacker, making it particularly concerning. If successfully exploited, attackers can gain unauthorized access to critical data, potentially leading to full access to all Oracle Advanced Outbound Telephony accessible data. The risk also includes the unauthorized ability to update, insert, or delete data within the Oracle Advanced Outbound Telephony system, which could have cascading effects on related products. It's imperative for users of affected versions to implement available security measures and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Advanced Outbound Telephony 12.1.1-12.1.3

Advanced Outbound Telephony 12.2.3-12.2.8

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018