Summaryinfo

A vulnerability was found in Oracle Global Lifecycle Management OPatch and classified as critical. Affected by this vulnerability is an unknown functionality of the component Patch Installer (Dell BSAFE Crypto-J). Executing a manipulation can lead to information disclosure. This vulnerability appears as CVE-2019-3740. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Oracle Global Lifecycle Management OPatch (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code of the component Patch Installer (Dell BSAFE Crypto-J). The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality.

The weakness was presented 04/21/2021 as Oracle Critical Patch Update Advisory - April 2021. The advisory is available at oracle.com. This vulnerability was named CVE-2019-3740. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Oracle

Name

• Global Lifecycle Management OPatch

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion