Vulnerability in Oracle Communications Order and Service Management Portal
CVE-2018-2567

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Communications Order And Service Management
Vendor
CVE Published:
18 January 2018

Summary

This vulnerability exists within the Oracle Communications Order and Service Management component, particularly in its Portal subcomponent. An unauthenticated attacker, with access to the network via HTTP, can exploit this vulnerability to compromise data. While successful exploitation requires human interaction from a source other than the attacker, it can lead to unauthorized access that may allow attackers to update, insert, or delete sensitive data, as well as read protected information. The implications of this security flaw could extend beyond the component itself, potentially impacting additional interconnected systems.

Affected Version(s)

Communications Order and Service Management 7.2.4.1.x

Communications Order and Service Management 7.2.4.2.x

Communications Order and Service Management 7.3.0.x.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040200
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102671
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.