Remote Code Execution Vulnerability in Oracle Data Integrator by Oracle
CVE-2019-2943

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Data Integrator
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in the Oracle Data Integrator component of Oracle Fusion Middleware, specifically affecting version 12.2.1.3.0. This flaw allows an attacker with low privileges and network access to exploit the system via HTTP. Successful exploitation can lead to unauthorized access to sensitive data, potentially compromising the integrity of confidential information managed by Oracle Data Integrator. Immediate corrective measures are recommended to safeguard sensitive data against this easily exploitable vulnerability.

Affected Version(s)

Data Integrator 12.2.1.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018