Vulnerability in Oracle E-Business Suite Human Resources Allows Unauthorized Data Access
CVE-2018-2870

9.1CRITICAL

Key Information:

Vendor

Oracle
Status
Human Resources
Vendor
CVE Published:
19 April 2018

What is CVE-2018-2870?

The vulnerability in the Oracle Human Resources component of Oracle E-Business Suite allows an unauthenticated attacker to exploit network access via HTTP. This security flaw enables unauthorized creation, deletion, or modification of critical data within the Human Resources module. Attackers can gain complete access to sensitive information, undermining the integrity and confidentiality of the system's data. Addressing this vulnerability is essential for protecting critical organizational data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Human Resources 12.1.1

Human Resources 12.1.2

Human Resources 12.1.3

References

http://www.securitytracker.com/id/1040694
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103829
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.