(CVE-2019-2413) SecureMisr identifies a vulnerability in Oracle Fusion Middleware
from : January 13, 2019
to: December 31, 2019
SecureMisr's consultant Mohamed Fouad has identified a security vulnerability (CVSS Base Score: 6.1) impacting the Oracle Reports Developer component of Oracle Fusion Middleware.
The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful exploitation requires human interaction from a person other than the attacker.
Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data.
The vulnerability impacts version 220.127.116.11 of the software and has been by Oracle's January 2019 critical patch update.