CVE-2019-2459

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology versions 8.5.3 through 8.5.4

Description The issue is related to insufficient access control in the Outside In Filters component of the Oracle Outside In Technology software development kit (SDK). This can be exploited by a remote attacker using the HTTP protocol to cause a partial denial of service (DOS). The attacker does not need to be authenticated and can access the system via the network.

Recommendations For versions 8.5.3 and 8.5.4, consider restricting access to the Outside In Technology code to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the HTTP protocol access to the Outside In Filters component until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.