CVE-2019-2713

2019-04-2318:16:45

oracle

www.cve.org

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

38.5%

JSON

Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Merchandising. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Merchandising accessible data as well as unauthorized read access to a subset of Oracle Commerce Merchandising accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

CNA Affected

[
  {
    "product": "Commerce Merchandising",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.2.0.3"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html