(CVE-2019-2453) - SecureMisr Identifies a Critical Vulnerability impacting Oracle Performance Managment

from : January 13, 2019 to: December 31, 2019

SecureMisr Consultant Mohamed Sayed, has identified a critical vulnerability (CVSS:3.0 Base Score 9.1) impacting the Oracle Performance Management component of Oracle E-Business Suite. 

The vulnerability impacts versions 12.1.1, 12.1.2 and 12.1.3. The vulnerability is easily exploitable and allows an unauthenticated attacker with network access over HTTP to compromise Oracle Performance Management. Successful exploitation can result in unauthorized creation, deletion or modification access to all Oracle Performance Management accessible data. 

The vulnerability has been addressed by Oracle's January 2019 Critical Patch Update:

https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html