Vulnerability in Oracle iStore from Oracle E-Business Suite
CVE-2019-2990

8.2HIGH

Key Information:

Vendor: Oracle
Status: Istore
Vendor: CVE Published:; 16 October 2019

Summary

A vulnerability exists in Oracle iStore, a component of the Oracle E-Business Suite, allowing unauthenticated attackers with HTTP network access to exploit the system. Attackers can manipulate the vulnerability by requiring human interaction from another person, leading to unauthorized access to sensitive data, including the ability to insert, update, or delete records. The supported versions impacted range from 12.1.1 to 12.1.3 and 12.2.3 to 12.2.9, and while the vulnerability specifically affects Oracle iStore, it could also potentially impact other related applications.

Affected Version(s)

iStore 12.1.1-12.1.3

iStore 12.2.3-12.2.9

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 16, 2019
Vulnerability Reserved
Dec 14, 2018