Summaryinfo

A vulnerability, which was classified as critical, has been found in Oracle Commerce Platform 11.2.0.3/11.3.1. Affected by this issue is some unknown functionality of the component Dynamo Application Framework. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2019-2712. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Detailsinfo

A vulnerability classified as critical was found in Oracle Commerce Platform 11.2.0.3/11.3.1. Affected by this vulnerability is some unknown processing of the component Dynamo Application Framework. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. As an impact it is known to affect confidentiality, and integrity.

The weakness was shared 04/16/2019 as Oracle Critical Patch Update Advisory - April 2019 as confirmed advisory (Website). The advisory is shared at oracle.com. This vulnerability is known as CVE-2019-2712. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The entries VDB-133580, VDB-133572, VDB-133573 and VDB-133574 are related to this item. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Oracle

Name

• Commerce Platform

Version

• 11.2.0.3
• 11.3.1

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion