CVE-2019-2489

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8

Description The issue is related to inadequate access control in the Oracle One-to-One Fulfillment component, specifically the OCM Query subcomponent. This allows an unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data within Oracle One-to-One Fulfillment, as well as unauthorized access to critical data.

Recommendations For versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.