CVE-2019-2854

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology version 8.5.4

Description The issue is related to inadequate access control in the Oracle Outside In Technology component of Oracle Fusion Middleware, specifically in the Outside In Filters subcomponent. This can be exploited by an unauthenticated attacker with network access via the HTTP protocol to compromise Oracle Outside In Technology, potentially leading to unauthorized access to protected data or a partial denial of service. Successful attacks can result in unauthorized update, insert, or delete access to some Oracle Outside In Technology accessible data, as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data.

Recommendations For Oracle Outside In Technology version 8.5.4, update to a version that includes the fix for this issue, as the current version is easily exploitable and can lead to significant security breaches. As a temporary workaround, consider restricting network access via HTTP to minimize the risk of exploitation. Additionally, ensure that any software using the Outside In Technology code does not pass data received over a network directly to the Outside In Technology code without proper validation and sanitization.