CVE-2019-2903

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology versions 8.5.4

Description The issue is related to insufficient access control in the Outside In Filters component of the Oracle Outside In Technology product, which is a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized read, update, insert, or delete access to some data, as well as the ability to cause a partial denial of service.

Recommendations For version 8.5.4, consider restricting access to the Outside In Filters component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the HTTP protocol to reduce the attack surface.