CVE-2019-2895 is a vulnerability in Oracle Enterprise Manager
Published on October 16, 2019
Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager for Exadata. Successful attacks of this vulnerability can result in takeover of Enterprise Manager for Exadata. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Products Associated with CVE-2019-2895
Want to know whenever a new CVE is published for Oracle Enterprise Manager? stack.watch will email you.
Affected Versions
Oracle Corporation Enterprise Manager for Exadata:- Version 12.1.0.5.0 is affected.
- Version 13.2.2.0.0 is affected.
- Version 13.3.1.0.0 is affected.
- Version 13.3.2.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.