User Interface Vulnerability in Oracle Financial Services Applications
CVE-2018-2679

8.1 HIGH

Key Information:

Vendor: Oracle
CVE Published: 18 January 2018

Summary

An exploitable vulnerability exists in the User Interface of Oracle Financial Services Profitability Management, allowing low-privileged attackers with network access via HTTP to gain unauthorized control. This can lead to unauthorized creation, deletion, or modification of sensitive data, posing significant risks to data integrity and confidentiality. The affected versions, 6.1.x and 8.0.x, are susceptible to attacks that can access all data managed by Oracle Financial Services Profitability Management, making it critical for organizations to apply necessary patches and safeguard their information.

Affected Version(s)

Financial Services Profitability Management 6.1.x

Financial Services Profitability Management 8.0.x

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
