CVE-2019-2895

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager for Exadata versions 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0, 13.3.2.0.0

Description The issue is related to inadequate access control in the Exadata Plug-In Deploy and Ins component of Oracle Enterprise Manager for Exadata. It allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can result in the takeover of Enterprise Manager for Exadata.

Recommendations For version 12.1.0.5.0, update to a version that includes the necessary security patches. For version 13.2.2.0.0, apply the recommended security fixes to prevent exploitation. For version 13.3.1.0.0, consider restricting access to the Exadata Plug-In Deploy and Ins component until a patch is available. For version 13.3.2.0.0, disable the vulnerable component temporarily to minimize the risk of exploitation.