Security Vulnerability in Oracle Financial Services Applications by Oracle
CVE-2018-2660

7.4HIGH

Key Information:

Vendor
Oracle
Status
Financial Services Analytical Applications Infrastructure
Vendor
CVE Published:
18 January 2018

Summary

The vulnerability in Oracle Financial Services Analytical Applications Infrastructure could be exploited by a low-privileged attacker with HTTP network access. This could lead to unauthorized modifications to accessible data, as well as potential read access to sensitive information. Furthermore, exploitation may result in partial denial of service within the infrastructure, impacting not only the primary product but potentially affecting other services integrated within the Oracle ecosystem.

Affected Version(s)

Financial Services Analytical Applications Infrastructure 7.3.5.x

Financial Services Analytical Applications Infrastructure 8.0.x

References

http://www.securityfocus.com/bid/102677
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.