Unauthenticated Access Vulnerability in Oracle Financial Services Applications User Interface
CVE-2018-2722

6.1MEDIUM

Key Information:

Vendor

Oracle
Status
Financial Services Price Creation And Discovery
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2722?

This vulnerability affects the Oracle Financial Services Price Creation and Discovery component, allowing unauthenticated attackers with network access via HTTP to compromise the system. While the attack requires human interaction from someone other than the attacker, successful exploitation can lead to unauthorized updates, insertions, or deletions of accessible data. Moreover, it allows unauthorized read access to certain datasets, raising significant security concerns for users of the affected product.

Affected Version(s)

Financial Services Price Creation and Discovery 8.0.5

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102673
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.