Vulnerability in Oracle E-Business Suite Human Resources Allows Unauthorized Data Access
CVE-2018-2870

9.1CRITICAL

Key Information:

Vendor
Oracle
Status
Human Resources
Vendor
CVE Published:
19 April 2018

Summary

The vulnerability in the Oracle Human Resources component of Oracle E-Business Suite allows an unauthenticated attacker to exploit network access via HTTP. This security flaw enables unauthorized creation, deletion, or modification of critical data within the Human Resources module. Attackers can gain complete access to sensitive information, undermining the integrity and confidentiality of the system's data. Addressing this vulnerability is essential for protecting critical organizational data.

Affected Version(s)

Human Resources 12.1.1

Human Resources 12.1.2

Human Resources 12.1.3

References

http://www.securitytracker.com/id/1040694
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103829
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.