Oracle Access Manager Vulnerability in Oracle Fusion Middleware
CVE-2018-2587

6.5MEDIUM

Key Information:

Vendor

Oracle
Status
Access Manager
Adaptive Access Manager
Vendor
CVE Published:
19 April 2018

What is CVE-2018-2587?

A vulnerability exists in the Oracle Access Manager component of Oracle Fusion Middleware, specifically affecting versions 10.1.4.3.0, 11.1.2.3.0, and 12.2.1.3.0. This vulnerability can be exploited by unauthenticated attackers with network access via HTTP, enabling them to compromise the Oracle Access Manager. Successful exploitation may lead to unauthorized creation, deletion, or modification of sensitive data, in addition to unauthorized read access to certain datasets accessible through Oracle Access Manager.

Affected Version(s)

Access Manager 10.1.4.3.0

Access Manager 11.1.2.3.0

Access Manager 12.2.1.3.0

References

http://www.securitytracker.com/id/1040695
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/103822
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.