Vulnerability in Oracle Financial Services Applications User Interface
CVE-2018-2682

6.1MEDIUM

Key Information:

Vendor

Oracle
Status
Financial Services Liquidity Risk Management
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2682?

A vulnerability exists within the User Interface of the Oracle Financial Services Liquidity Risk Management, allowing unauthenticated attackers with network access via HTTP to exploit the system. Successful exploitation requires human interaction from a third-party user. This may lead to unauthorized access, permitting attackers to update, insert, or delete information, as well as unauthorized reading of data within the application's scope. While the vulnerability primarily affects the Liquidity Risk Management component, its impact could extend to other interconnected Oracle Financial Services products.

Affected Version(s)

Financial Services Liquidity Risk Management 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102657
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.