Unauthorized Access Vulnerability in Oracle Financial Services Applications
CVE-2018-2712

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Financial Services Loan Loss Forecasting And Provisioning
Vendor
CVE Published:
18 January 2018

Summary

An exploit in Oracle Financial Services Loan Loss Forecasting and Provisioning can allow an unauthenticated attacker with network access via HTTP to manipulate sensitive data. The vulnerability enables unauthorized updates, inserts, or deletions and may lead to unauthorized read access to some accessible data. The attack requires human interaction from a third party, heightening the risk of significant impacts on various products beyond the initial target.

Affected Version(s)

Financial Services Loan Loss Forecasting and Provisioning 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102660
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.