Oracle Enterprise Manager versions 12.1.0.5.0 Insufficient Information Vulnerability

Summary

Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Exadata.

 

 

 

 

 

 

Credit:

The information has been provided by Alexander Kornbrust

The original article can be found at: http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

 


Details

Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Exadata. 

 

Vulnerable Systems:

Oracle Enterprise Manager versions 12.1.0.5.0 

Oracle Enterprise Manager versions 13.2.2.0.0 

Oracle Enterprise Manager versions 13.3.1.0.0  

Oracle Enterprise Manager versions 13.3.2.0.0 

 

CVE Information:

CVE-2019-2895

Disclosure Timeline:
Published Date:10/16/2019