CVE-2019-2400

Name of the Vulnerable Software and Affected Versions Oracle iStore versions 12.1.1 through 12.1.3 Oracle iStore versions 12.2.3 through 12.2.8

Description The issue is related to errors in the code of the User Registration subcomponent of Oracle iStore in the Oracle E-Business Suite system. Exploitation of this issue may allow a remote attacker to modify, add, or delete data using the HTTP protocol. The attack requires human interaction from someone other than the attacker and can significantly impact additional products, resulting in unauthorized access to critical data or complete access to all Oracle iStore accessible data, as well as unauthorized update, insert, or delete access to some Oracle iStore accessible data.

Recommendations For Oracle iStore versions 12.1.1 through 12.1.3, update to a version that includes the fix for this issue. For Oracle iStore versions 12.2.3 through 12.2.8, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the User Registration subcomponent until a patch is available.