Web Server Plugin Vulnerability in Oracle Access Manager by Oracle
CVE-2018-2739

9.3CRITICAL

Key Information:

Vendor

Oracle
Status
Coreid Access
Vendor
CVE Published:
19 April 2018

What is CVE-2018-2739?

An exploitable vulnerability exists in the Web Server Plugin of Oracle Access Manager, which can be exploited by an unauthenticated attacker with network access through HTTP. The attack requires interaction from a user other than the attacker, enabling unauthorized access to sensitive data and permitting modifications or deletions leading to data breaches. This flaw significantly impacts any product that interacts with Oracle Access Manager, underscoring the need for immediate vigilance and remediation for affected systems.

Affected Version(s)

COREid Access 10.1.4.3.0

COREid Access 11.1.2.3.0

COREid Access 12.2.1.3.0

References

http://www.securitytracker.com/id/1040695
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103784
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.