CVE-2019-2720
First published: Tue Apr 23 2019(Updated: )
Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: ODI Tools). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Data Integrator accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Data Integrator | =11.1.1.9.0 | |
| Oracle Data Integrator | =12.2.1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-2720?
CVE-2019-2720 is a vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware.
Which versions of Oracle Data Integrator are affected by CVE-2019-2720?
The versions 11.1.1.9.0 and 12.2.1.3.0 of Oracle Data Integrator are affected by CVE-2019-2720.
What is the severity of CVE-2019-2720?
CVE-2019-2720 has a severity rating of 3.1, which is considered low.
How can an attacker exploit CVE-2019-2720?
An attacker with network access via HTTP can exploit CVE-2019-2720 to compromise Oracle Data Integrator.
Is there a reference link for more information about CVE-2019-2720?
Yes, you can find more information about CVE-2019-2720 at the following link: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- collector/nvd-index
- vendor/oracle
- canonical/oracle data integrator
- version/oracle data integrator/11.1.1.9.0
- version/oracle data integrator/12.2.1.3.0