CVE-2019-2761 : Vulnerability in the Oracle Application Object Library component of Oracle E-Bus

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published 2019-07-23 23:15:40

Updated 2020-08-24 17:37:01

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2019-2761

Oracle » Application Object Library
Versions from including (>=) 12.2.3 and up to, including, (<=) 12.2.8
cpe:2.3:a:oracle:application_object_library:*:*:*:*:*:*:*:*
Matching versions
Oracle » Application Object Library » Version: 12.1.3
cpe:2.3:a:oracle:application_object_library:12.1.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-2761

EPSS FAQ

0.65%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 68 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-2761

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.7	LOW	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N	2.2	1.4	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2019-2761

http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Oracle Critical Patch Update - July 2019
Patch;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-2761

Products affected by CVE-2019-2761

Exploit prediction scoring system (EPSS) score for CVE-2019-2761

CVSS scores for CVE-2019-2761

References for CVE-2019-2761