CVE-2019-2445

Name of the Vulnerable Software and Affected Versions Oracle Content Manager versions 12.1.1 through 12.2.8

Description The issue is related to inadequate access control in the Cover Letter component of Oracle Content Manager, part of the Oracle E-Business Suite. This can be exploited by a remote attacker to modify, add, or delete data using the HTTP protocol. Successful attacks may require human interaction and can significantly impact additional products, potentially leading to unauthorized access to critical data or complete access to all accessible data in Oracle Content Manager, as well as unauthorized updates, inserts, or deletes to some of the accessible data.

Recommendations For versions 12.1.1 through 12.2.8, update to a version that includes the fix for this issue to prevent unauthorized access and modifications to data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.