CVE-2019-2726 - Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products S

CVE-2019-2726

Summary

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. While the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. CVSS 3.0 Base Score 6.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H).

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Vulnerable Configurations

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*

CVSS

Base:	6.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:N/A:C

refmap via4

misc

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Last major update

24-08-2020 - 17:37

Published

24-05-2019 - 17:29

Last modified

24-08-2020 - 17:37