Vulnerability in Oracle Internet Directory of Oracle Fusion Middleware
CVE-2018-2601

8 HIGH

Key Information:

Vendor: Oracle
CVE Published: 18 January 2018

Summary

A vulnerability exists in the Oracle Internet Directory component of Oracle Fusion Middleware, specifically within the Oracle Directory Services Manager. The issue is an improper access control flaw that can allow a highly privileged attacker with network access via HTTP to compromise Oracle Internet Directory. Although the vulnerability is in Oracle Internet Directory itself, successful exploitation can affect other integrated products, potentially leading to unauthorized access and significant impact on system confidentiality, integrity, and availability. Mitigating measures are essential to safeguard your environment from such threats.

Affected Version(s)

Internet Directory 11.1.1.7.0

Internet Directory 11.1.1.9.0

Internet Directory 12.2.1.3.0

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
