Unauthenticated Network Vulnerability in Oracle Financial Services Applications
CVE-2018-2859

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Financial Services Basel Regulatory Capital Internal Ratings Based Approach
Vendor
CVE Published:
19 April 2018

Summary

This vulnerability exists within the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component, which is part of the broader suite of Oracle Financial Services Applications. An unauthenticated attacker possessing network access via HTTP may exploit this flaw, potentially leading to unauthorized operations on data, including updates or deletions. The nature of this vulnerability requires interaction from another individual, enhancing its potential for exploitation. While primarily impacting the Basel Regulatory Capital component, successful attacks may also extend their effects to other interconnected products, revealing sensitive information and compromising data integrity.

Affected Version(s)

Financial Services Basel Regulatory Capital Internal Ratings Based Approach 8.0.x

References

http://www.securityfocus.com/bid/103827
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040693
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.