Vulnerability in File Upload of Oracle Argus Safety by Oracle
CVE-2018-2642

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Argus Safety
Vendor: CVE Published:; 18 January 2018

What is CVE-2018-2642?

A vulnerability exists in the file upload feature of Oracle Argus Safety, which allows a low privileged attacker with network access to exploit the system. Although exploitation requires human interaction from a different user, successful attacks can lead to unauthorized updates, deletions, and access to sensitive data within Oracle Argus Safety. Furthermore, it opens the door to partial denial of service conditions. This vulnerability poses significant risks not only to Argus Safety but potentially to other interconnected applications as well.

Affected Version(s)

Argus Safety 7.x

Argus Safety 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102619

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2018
Vulnerability Reserved
Dec 15, 2017