User Management Vulnerability in Oracle E-Business Suite
CVE-2018-2691

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
User Management
Vendor
CVE Published:
18 January 2018

Summary

A vulnerability exists in the Oracle User Management component of Oracle E-Business Suite, specifically within the Proxy User Delegation subcomponent. This issue could be exploited by an attacker with low privileges via network access through HTTP. As a result, unauthorized actions such as updating, inserting, or deleting data may occur, alongside unauthorized read access to certain data within Oracle User Management. The affected versions include 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7.

Affected Version(s)

User Management 12.1.3

User Management 12.2.3

User Management 12.2.4

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040201
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102647
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.