ID

VAR-201907-0892


CVE

CVE-2019-2733


TITLE

Product Security Vulnerabilities in Oracle Demantra Demand Management of Oracle Supply Chain Products Suite

Trust: 0.8

sources: JVNDB: JVNDB-2019-006870

DESCRIPTION

Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). The supported version that is affected is 7.3.1.5.2. An easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The product provides functions such as value chain planning, value chain execution, and product lifecycle management. The vulnerability can be exploited over the HTTP protocol.

Trust: 2.43

sources: NVD: CVE-2019-2733 // JVNDB: JVNDB-2019-006870 // CNVD: CNVD-2019-24952 // BID: 109241

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-24952

AFFECTED PRODUCTS

vendor: oracle
model: demantra demand management
scope: eq
version: 7.3.1.5.2

Trust: 2.1

vendor: oracle
model: supply chain products suite
scope: eq
version: 7.3.1.5.2

Trust: 0.6

sources: CNVD: CNVD-2019-24952 // BID: 109241 // JVNDB: JVNDB-2019-006870 // NVD: CVE-2019-2733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-2733
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-2733
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-24952
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-922
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-2733
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-24952
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-2733
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-24952 // JVNDB: JVNDB-2019-006870 // CNNVD: CNNVD-201907-922 // NVD: CVE-2019-2733

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2019-006870 // NVD: CVE-2019-2733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-922

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201907-922

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006870

PATCH

title: Oracle Critical Patch Update Advisory - July 2019
url: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - July 2019 Risk Matrices
url: https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html

Trust: 0.8

title: Patch for Oracle Demantra Demand Management Arbitrary File Execution Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/172247

Trust: 0.6

title: Oracle Supply Chain Products Suite Demantra Demand Management Fixes for component security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94959

Trust: 0.6

sources: CNVD: CNVD-2019-24952 // JVNDB: JVNDB-2019-006870 // CNNVD: CNNVD-201907-922

EXTERNAL IDS

db: NVD
id: CVE-2019-2733

Trust: 3.3

db: BID
id: 109241

Trust: 1.5

db: JVNDB
id: JVNDB-2019-006870

Trust: 0.8

db: CNVD
id: CNVD-2019-24952

Trust: 0.6

db: CNNVD
id: CNNVD-201907-922

Trust: 0.6

sources: CNVD: CNVD-2019-24952 // BID: 109241 // JVNDB: JVNDB-2019-006870 // CNNVD: CNNVD-201907-922 // NVD: CVE-2019-2733

REFERENCES

url: http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2019-2733

Trust: 1.4

url: https://www.securityfocus.com/bid/109241

Trust: 1.2

url: http://www.oracle.com/index.html

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-2733

Trust: 0.8

sources: CNVD: CNVD-2019-24952 // BID: 109241 // JVNDB: JVNDB-2019-006870 // CNNVD: CNNVD-201907-922 // NVD: CVE-2019-2733

CREDITS

Or Hanuka of Motorola Solutions and Tzachy Horesh of Motorola Solutions

Trust: 0.9

sources: BID: 109241 // CNNVD: CNNVD-201907-922

SOURCES

db: CNVD, id: CNVD-2019-24952
db: BID, id: 109241
db: JVNDB, id: JVNDB-2019-006870
db: CNNVD, id: CNNVD-201907-922
db: NVD, id: CVE-2019-2733

LAST UPDATE DATE

2024-11-23T22:44:56.909000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-24952, date: 2019-07-30T00:00:00
db: BID, id: 109241, date: 2019-07-16T00:00:00
db: JVNDB, id: JVNDB-2019-006870, date: 2019-07-29T00:00:00
db: CNNVD, id: CNNVD-201907-922, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-2733, date: 2024-11-21T04:41:26.617

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-24952, date: 2019-07-30T00:00:00
db: BID, id: 109241, date: 2019-07-16T00:00:00
db: JVNDB, id: JVNDB-2019-006870, date: 2019-07-29T00:00:00
db: CNNVD, id: CNNVD-201907-922, date: 2019-07-16T00:00:00
db: NVD, id: CVE-2019-2733, date: 2019-07-23T23:15:37.960