# CVE-2019-2706
## 🗒️ Intro
CVE-2019-2706 is a high-severity vulnerability in the **BPM Foundation Services** subcomponent of the **Oracle Business Process Management Suite**, a component of **Oracle Fusion Middleware**. The flaw affects version **11.1.1.9.0** of the suite.
### Discovery and Reporting
The vulnerability was discovered and reported by **Athul Jayaram**, a security researcher recognized for identifying significant security flaws. Oracle acknowledged his contribution in their **April 2019 Critical Patch Update Advisory**.
### Technical Details
- **Attack Vector**: The vulnerability is exploitable remotely via HTTP, allowing an unauthenticated attacker with network access to compromise the Oracle Business Process Management Suite.
- **Impact**: Successful exploitation can lead to unauthorized access to sensitive data and unauthorized modification or deletion of data within the affected system.
- **User Interaction**: Exploitation requires human interaction from a user other than the attacker.
- **CVSS 3.0 Base Score**: 8.2 (High).
### Mitigation
Oracle addressed this vulnerability in their **April 2019 Critical Patch Update**. Users of the affected version are strongly advised to apply the provided security patches promptly to mitigate potential risks.
## 🌐 Sources
1. [CVE-2019-2706 Detail - NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-2706)
2. [Oracle Critical Patch Update Advisory - April 2019](https://www.oracle.com/security-alerts/cpuapr2019.html)
3. [CVE-2019-2706 - CVE Details](https://www.cvedetails.com/cve/CVE-2019-2706/)
4. [CVE-2019-2706 - Enginsight Vulnerability Database](https://cve.enginsight.com/2019/2706/index.html)
5. [CVE-2019-2706 - Vulners.com](https://vulners.com/vulnrichment/VULNRICHMENT%3ACVE-2019-2706)
6. [CVE-2019-2706 - CVEfind](https://www.cvefind.com/en/cve/CVE-2019-2706.html)
File snapshot
[4.0K] /data/pocs/ef97898b929ae273e9b9c1880f14ef6490d948af
└── [1.8K] README.md
0 directories, 1 file