Vulnerability in Oracle Adaptive Access Manager Component of Oracle Fusion Middleware
CVE-2018-2770

7.6HIGH

Key Information:

Vendor
Oracle
Status
Adaptive Access Manager
Vendor
CVE Published:
19 April 2018

Summary

The Oracle Adaptive Access Manager component within Oracle Fusion Middleware is susceptible to a vulnerability that allows a low-privileged attacker with network access via HTTP to compromise its integrity. The exploitation of this vulnerability requires human interaction from an unsuspecting user, escalating the potential for unauthorized access to critical data. This can lead to complete access to all data managed by Oracle Adaptive Access Manager, including unauthorized updates, inserts, or deletions of data. The implications of this vulnerability extend beyond its immediate environment, potentially affecting other products leveraging Oracle Adaptive Access Manager.

Affected Version(s)

Adaptive Access Manager 11.1.2.3.0

References

http://www.securitytracker.com/id/1040695
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103806
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.