Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
BID:106620
CVE-2019-2396 | CVE-2019-2400 | CVE-2019-2440 | CVE-2019-2445 | CVE-2019-2447 | CVE-2019-2470 | CVE-2019-2485 | CVE-2019-2488 | CVE-2019-2489 | CVE-2019-2491 | CVE-2019-2492 | CVE-2019-2496 | CVE-2019-2497 | CVE-2019-2498 | CVE-2019-2546 |Info
Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
| Bugtraq ID: | 106620 |
| Class: | Unknown |
| CVE: |
CVE-2019-2489 CVE-2019-2445 CVE-2019-2400 CVE-2019-2440 CVE-2019-2498 CVE-2019-2447 CVE-2019-2470 CVE-2019-2491 CVE-2019-2492 CVE-2019-2485 CVE-2019-2546 CVE-2019-2488 CVE-2019-2396 CVE-2019-2496 CVE-2019-2497 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2019 12:00AM |
| Updated: | Jan 15 2019 12:00AM |
| Credit: | Oracle, Andrej Simko of Accenture working with iDefense Labs, Andrej Simko of Accenture, Rajesh Tv, Deapesh Misra of iDefense. |
| Vulnerable: |
Oracle E-Business Suite 12.2.8 Oracle E-Business Suite 12.2.7 Oracle E-Business Suite 12.2.6 Oracle E-Business Suite 12.2.3 Oracle E-Business Suite 12.1.2 Oracle E-Business Suite 12.1.1 Oracle E-Business Suite 12.2.5 Oracle E-Business Suite 12.2.4 Oracle E-Business Suite 12.1.3 |
| Not Vulnerable: | |
Discussion
Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
Oracle E-Business Suite is prone to multiple security vulnerabilities.
These vulnerabilities can be exploited over the 'HTTP' protocol. The 'OCM Query', 'Performance Management Plan', 'Cover Letter', 'Messages', 'User Registration', 'User Interface', 'Partner Dash board', 'Partner Detail', 'Session Management', 'Message Display', 'Administration', 'SQL Extensions' components are affected.
These vulnerabilities affect the following supported versions:
12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8
Oracle E-Business Suite is prone to multiple security vulnerabilities.
These vulnerabilities can be exploited over the 'HTTP' protocol. The 'OCM Query', 'Performance Management Plan', 'Cover Letter', 'Messages', 'User Registration', 'User Interface', 'Partner Dash board', 'Partner Detail', 'Session Management', 'Message Display', 'Administration', 'SQL Extensions' components are affected.
These vulnerabilities affect the following supported versions:
12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, 12.2.8
Exploit / POC
Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Oracle E-Business Suite Cpujan2019 Multiple Security Vulnerabilities
References:
References:
- Oracle Homepage (Oracle)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)