Oracle Argus Safety Exploitable Vulnerability in Health Sciences Applications
CVE-2018-2643

6.4MEDIUM

Key Information:

Vendor: Oracle
Status: Argus Safety
Vendor: CVE Published:; 18 January 2018

Summary

A vulnerability exists in the Oracle Argus Safety component of Oracle Health Sciences Applications, particularly within the Case Selection subcomponent. This flaw allows a low-privileged attacker with network access via HTTP to compromise the system. Although the vulnerability is confined to Oracle Argus Safety, successful exploitation can lead to unauthorized updates, insertions, or deletions of data, along with unauthorized read access to a subset of accessible information. The affected versions include 7.x and 8.0.x, and it is critical for organizations to understand the potential implications on their data integrity and confidentiality.

Affected Version(s)

Argus Safety 7.x

Argus Safety 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102622

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 18, 2018
Vulnerability Reserved
Dec 15, 2017