Vulnerability in Oracle Agile Product Lifecycle Management for Process Affecting Oracle Supply Chain Products
CVE-2018-2572

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Agile Product Lifecycle Management For Process
Vendor: CVE Published:; 19 April 2018

Summary

An exploitable access control vulnerability exists in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite. This vulnerability can be exploited by an unauthenticated attacker who has network access via HTTP, allowing them to compromise the product. Successful exploitation may require human interaction from a different user. Key risks include unauthorized modifications, insertions, or deletions of accessible data as well as unauthorized read access to certain sensitive information within Oracle Agile Product Lifecycle Management.

Affected Version(s)

Agile Product Lifecycle Management for Process 6.1.1.6

Agile Product Lifecycle Management for Process 6.2.0.0

Agile Product Lifecycle Management for Process 6.2.1.0

References

http://www.securityfocus.com/bid/103907

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Dec 15, 2017