What is the severity of CVE-2019-2605?

CVE-2019-2605 is considered a medium severity vulnerability that could allow an unauthenticated attacker to exploit the Oracle Business Intelligence Enterprise Edition.

How do I fix CVE-2019-2605?

To fix CVE-2019-2605, update your Oracle Business Intelligence Enterprise Edition to the latest patched version provided by Oracle.

What versions are affected by CVE-2019-2605?

CVE-2019-2605 affects Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0.

What components are impacted by CVE-2019-2605?

CVE-2019-2605 impacts the Web Catalog component of the Oracle Business Intelligence Enterprise Edition.

Can CVE-2019-2605 be exploited remotely?

Yes, CVE-2019-2605 can potentially be exploited by an unauthenticated attacker with network access.

Vulnerability/
CVE-2019-2605

low

3.4

23/4/2019

21/11/2024

CVE-2019-2605

First published: Tue Apr 23 2019(Updated: )

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Web Catalog). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle Business Intelligence Enterprise Edition	=11.1.1.9.0
Oracle Business Intelligence Enterprise Edition	=12.2.1.3.0
Oracle Business Intelligence Enterprise Edition	=12.2.1.4.0

Remedy

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Never miss a vulnerability like this again

Reference Links

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Frequently Asked Questions

What is the severity of CVE-2019-2605?
CVE-2019-2605 is considered a medium severity vulnerability that could allow an unauthenticated attacker to exploit the Oracle Business Intelligence Enterprise Edition.
How do I fix CVE-2019-2605?
To fix CVE-2019-2605, update your Oracle Business Intelligence Enterprise Edition to the latest patched version provided by Oracle.
What versions are affected by CVE-2019-2605?
CVE-2019-2605 affects Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0.
What components are impacted by CVE-2019-2605?
CVE-2019-2605 impacts the Web Catalog component of the Oracle Business Intelligence Enterprise Edition.
Can CVE-2019-2605 be exploited remotely?
Yes, CVE-2019-2605 can potentially be exploited by an unauthenticated attacker with network access.

agent/type
agent/severity
agent/remedy
agent/references
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/oracle
canonical/oracle business intelligence enterprise edition
version/oracle business intelligence enterprise edition/11.1.1.9.0
version/oracle business intelligence enterprise edition/12.2.1.3.0
version/oracle business intelligence enterprise edition/12.2.1.4.0