Oracle Financial Services Applications User Interface Vulnerability
CVE-2018-2723

8.1HIGH

Key Information:

Vendor

Oracle
Status
Financial Services Asset Liability Management
Vendor
CVE Published:
18 January 2018

What is CVE-2018-2723?

This vulnerability exists in the User Interface of Oracle Financial Services Asset Liability Management and affects versions 6.1.x and 8.0.x. It allows attackers with low privileges and network access through HTTP to gain unauthorized control over critical data. Such attacks could lead to the creation, deletion, or modification of data, posing significant risks to data integrity and confidentiality. Organizations using this application should ensure they apply the necessary patches to mitigate these risks.

Affected Version(s)

Financial Services Asset Liability Management 6.1.x

Financial Services Asset Liability Management 8.0.x

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040214
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102601
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.