Vulnerability in Oracle Financial Services Applications Infrastructure Component
CVE-2018-2661

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Financial Services Analytical Applications Infrastructure
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability exists in the Oracle Financial Services Analytical Applications Infrastructure that allows an unauthenticated attacker with network access via HTTP to compromise its integrity. Successful exploitation requires human interaction from a third party, which further complicates mitigation efforts. Although the weakness resides within Oracle's infrastructure, its effects can extend to other associated products, potentially allowing attackers unauthorized access to sensitive information, including the ability to read, update, insert, or delete critical data. Organizations utilizing affected versions must prioritize remediation to safeguard their data integrity and confidentiality.

Affected Version(s)

Financial Services Analytical Applications Infrastructure 7.3.5.x

Financial Services Analytical Applications Infrastructure 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102679
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.