Unauthorized Data Access in Oracle E-Business Suite's Human Resources Component
CVE-2018-2869

5.3MEDIUM

Key Information:

Vendor
Oracle
Status
Human Resources
Vendor
CVE Published:
19 April 2018

Summary

An unauthenticated access vulnerability exists within the Oracle Human Resources component of Oracle E-Business Suite. This issue affects multiple versions, allowing network attackers to exploit the system via HTTP. Successful exploitation can lead to unauthorized read access to sensitive data within the Human Resources component, posing potential risks to confidentiality. Organizations using affected versions should implement necessary security measures to mitigate the risk of exposure.

Affected Version(s)

Human Resources 12.1.1

Human Resources 12.1.2

Human Resources 12.1.3

References

http://www.securitytracker.com/id/1040694
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103840
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.