Oracle E-Business Suite Vulnerability in User Management Component
CVE-2018-2684

4.9MEDIUM

Key Information:

Vendor

Oracle
Status
User Management
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2684?

A vulnerability in the Oracle User Management component allows attackers with high privileges and network access via HTTP to exploit flaws in the registration process. This easily exploitable vulnerability can provide unauthorized access to sensitive data and potentially grant the attacker full control over all accessible information within Oracle User Management modules. It is crucial for organizations to apply the necessary security updates to safeguard their systems and data from potential breaches.

Affected Version(s)

User Management 12.1.3

User Management 12.2.3

User Management 12.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040201
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102649
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.