CVE-2019-2659

Name of the Vulnerable Software and Affected Versions Oracle Commerce Platform version 11.2.0.3

Description The issue is related to insufficient access control in the Dynamo Application Framework component of the Oracle Commerce Platform. It allows a remote attacker to modify, add, or delete data using the HTTP protocol. Successful attacks require human interaction and can result in unauthorized access to some of the platform's data, including update, insert, or delete access, as well as read access to a subset of the data.

Recommendations For version 11.2.0.3, consider restricting access to the Dynamo Application Framework component until a patch is available. As a temporary workaround, limit the use of HTTP protocol interactions with the Oracle Commerce Platform to minimize the risk of exploitation. Additionally, ensure that all users of the platform are aware of the potential for unauthorized data access and take necessary precautions to verify the integrity of the data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.