CVE-2019-2488

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8

Description The issue is related to insufficient access control in the Oracle CRM Technical Foundation component. It can be exploited by a remote attacker to gain access to protected information using the HTTP protocol. Successful attacks can result in unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data.

Recommendations For versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, and 12.2.8, consider restricting access to the HTTP protocol to minimize the risk of exploitation. As a temporary workaround, consider disabling the Session Management subcomponent until a patch is available. Restrict network access via HTTP to the Oracle CRM Technical Foundation component to reduce the risk of unauthorized access.