Vulnerability in Oracle Financial Services Profitability Management Affecting User Interface
CVE-2018-2670

6.1MEDIUM

Key Information:

Vendor

Oracle
Status
Financial Services Profitability Management
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2670?

A vulnerability exists in the Oracle Financial Services Profitability Management component, specifically within the User Interface. This issue allows unauthenticated attackers to exploit the system via HTTP, requiring human interaction for successful execution. Although the vulnerability is confined to Profitability Management, compromised systems may lead to wider impacts on other connected products. Successful exploitation can enable unauthorized updates, inserts, or deletions of sensitive data, as well as access to confidential information that is otherwise protected.

Affected Version(s)

Financial Services Profitability Management 6.1.x

Financial Services Profitability Management 8.0.x

References

http://www.securityfocus.com/bid/102676
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.