CVE-2019-2761
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Una vulnerabilidad en el componente Oracle Application Object Library de E-Business Suite de Oracle (subcomponente: Attachments / File Upload). Las versiones compatibles que están afectadas son 12.1.3 y 12.2.3 hasta 12.2.8. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Application Object Library. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de la Oracle Application Object Library. CVSS 3.0 Puntuación Base 3.7 (Impactos de confidencialidad). Vector CVSS: (CVSS: 3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2018-12-14 CVE Reserved
- 2019-07-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-10-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | 2020-08-24 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Application Object Library Search vendor "Oracle" for product "Application Object Library" | >= 12.2.3 <= 12.2.8 Search vendor "Oracle" for product "Application Object Library" and version " >= 12.2.3 <= 12.2.8" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Application Object Library Search vendor "Oracle" for product "Application Object Library" | 12.1.3 Search vendor "Oracle" for product "Application Object Library" and version "12.1.3" | - |
Affected
|