Unauthorized Access Vulnerability in Oracle E-Business Suite Login Component
CVE-2018-2635

4.8MEDIUM

Key Information:

Vendor

Oracle
Status
Application Object Library
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2635?

A vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite could allow an unauthenticated attacker with network access to compromise the system via HTTP. Successful exploitation may lead to unauthorized updates, inserts, or deletions of some accessible data, as well as unauthorized reading of a subset of data. This vulnerability exists in specific versions of the product, making it crucial for organizations using these versions to implement necessary security measures to mitigate risks.

Affected Version(s)

Application Object Library 12.1.3

Application Object Library 12.2.3

Application Object Library 12.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040201
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102652
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.