Vulnerability in Oracle E-Business Suite Affects Oracle Application Object Library
CVE-2018-2804

7.4HIGH

Key Information:

Vendor
Oracle
Status
Application Object Library
Vendor
CVE Published:
19 April 2018

Summary

This vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite allows an unauthenticated attacker with network access to exploit the system. Such exploitation could result in unauthorized creation, deletion, or modification of sensitive data. The affected versions are 12.1.3 and 12.2.x series, posing significant risks to data confidentiality and integrity.

Affected Version(s)

Application Object Library 12.1.3

Application Object Library 12.2.3

Application Object Library 12.2.4

References

http://www.securitytracker.com/id/1040694
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103842
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.