Lucene search

OracleCVE-2019-2538

HistoryJan 16, 2019 - 7:30 p.m.

CVE-2019-2538

2019-01-1619:30:35

oracle

web.nvd.nist.gov

oracle

managed file transfer

vulnerability

cve-2019-2538

oracle fusion middleware

security

data access

data modification

network access

cvss

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

21.9%

JSON

Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware (subcomponent: MFT Runtime Server). Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Managed File Transfer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Managed File Transfer accessible data as well as unauthorized read access to a subset of Oracle Managed File Transfer accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N).

Affected configurations

Nvd

Vulners

Node

oraclemanaged_file_transferMatch12.2.1.3.0

oraclemanaged_file_transferMatch19.1.0.0.0

VendorProductVersionCPE
oraclemanaged_file_transfer12.2.1.3.0cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
oraclemanaged_file_transfer19.1.0.0.0cpe:2.3:a:oracle:managed_file_transfer:19.1.0.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	managed_file_transfer	12.2.1.3.0	cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:::::::*
oracle	managed_file_transfer	19.1.0.0.0	cpe:2.3:a:oracle:managed_file_transfer:19.1.0.0.0:::::::*

CNA Affected

[
  {
    "product": "Managed File Transfer",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "19.1.0.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.securityfocus.com/bid/106606

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

21.9%

JSON

Related for CVE-2019-2538