Oracle Access Manager Vulnerability in Oracle Fusion Middleware
CVE-2018-2587
6.5MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 19 April 2018
Summary
A vulnerability exists in the Oracle Access Manager component of Oracle Fusion Middleware, specifically affecting versions 10.1.4.3.0, 11.1.2.3.0, and 12.2.1.3.0. This vulnerability can be exploited by unauthenticated attackers with network access via HTTP, enabling them to compromise the Oracle Access Manager. Successful exploitation may lead to unauthorized creation, deletion, or modification of sensitive data, in addition to unauthorized read access to certain datasets accessible through Oracle Access Manager.
Affected Version(s)
Access Manager 10.1.4.3.0
Access Manager 11.1.2.3.0
Access Manager 12.2.1.3.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved