CVE-2019-2453

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.1 through 12.1.3

Description The issue is related to inadequate access control in the Oracle Performance Management component, specifically the Performance Management Plan subcomponent. This can be exploited by an unauthenticated attacker with network access via the HTTP protocol to compromise Oracle Performance Management, allowing unauthorized modification of protected information. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data.

Recommendations For versions 12.1.1 through 12.1.3, consider restricting access to the Performance Management Plan subcomponent until a patch is available to prevent unauthorized modification of critical data. As a temporary workaround, limit network access via HTTP to minimize the risk of exploitation.