Database Vulnerability in Oracle Transportation Management by Oracle
CVE-2018-2823

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Transportation Management
Vendor: CVE Published:; 19 April 2018

What is CVE-2018-2823?

A vulnerability exists in the Oracle Transportation Management component of Oracle's Supply Chain Products Suite, specifically impacting version 6.4.3. This vulnerability can be easily exploited by low-privileged attackers with network access through HTTP, potentially leading to unauthorized creation, deletion, or modification of critical data within the Oracle Transportation Management system. This poses significant risks, as successful exploitation can allow access to all data that is accessible through the platform, highlighting the need for immediate remediation.

Affected Version(s)

Transportation Management 6.4.3

References

http://www.securityfocus.com/bid/103902

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuap...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2018
Vulnerability Reserved
Dec 15, 2017