CVE-2019-2828

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite (subcomponent: Wireless) versions 12.1.1 through 12.1.3 Oracle E-Business Suite (subcomponent: Wireless) versions 12.2.3 through 12.2.8

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Field Service, requiring human interaction from a person other than the attacker. Attacks may significantly impact additional products and can result in the takeover of Oracle Field Service.

Recommendations For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.8, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Oracle Field Service component via HTTP to minimize the risk of exploitation.