Unauthorized Access Vulnerability in Oracle Enterprise Manager Products Suite
CVE-2018-2742

7.3HIGH

Key Information:

Vendor
Oracle
Status
Enterprise Manager Ops Center
Vendor
CVE Published:
19 April 2018

Summary

An exploitable vulnerability exists in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite, specifically in versions 12.2.2 and 12.3.3. This vulnerability allows unauthenticated attackers with network access via HTTP to gain unauthorized access to critical data. Successful exploitation can lead to unauthorized updates, inserts, or deletions of sensitive information, as well as unauthorized read access to specific data sets. Additionally, this vulnerability can enable attackers to execute partial denial-of-service attacks, impacting the availability of the Enterprise Manager Ops Center.

Affected Version(s)

Enterprise Manager Ops Center 12.2.2

Enterprise Manager Ops Center 12.3.3

References

http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040700
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/103866
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.