oracle enterprise-manager-ops-center CVE-2019-5443 in Oracle and NetApp Products
Published on July 2, 2019

product logo product logo product logo
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

NVD

Weakness Type

What is a Code Injection Vulnerability?

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVE-2019-5443 has been classified to as a Code Injection vulnerability or weakness.


Products Associated with CVE-2019-5443

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-5443 are published in these products:

Oracle Enterprise Manager Ops Center
 
Oracle Http Server
 
Oracle MySQL
 
Oracle Oss Support Tools
 
NetApp Oncommand Insight
 
NetApp Oncommand Unified Manager
 
NetApp Oncommand Workflow Automation
 
NetApp Snapcenter
 

Exploit Probability

EPSS
0.46%
Percentile
63.87%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.