(CVE-2019-2413) SecureMisr identifies a vulnerability in Oracle Fusion Middleware

from : January 13, 2019 to: December 31, 2019

SecureMisr's consultant Mohamed Fouad has identified a security vulnerability (CVSS Base Score: 6.1) impacting the Oracle Reports Developer component of Oracle Fusion Middleware. 

The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful exploitation requires human interaction from a person other than the attacker.

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data.

The vulnerability impacts version 12.2.1.3 of the software and has been by Oracle's January 2019 critical patch update.

https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html