Unauthenticated Access Vulnerability in Oracle E-Business Suite by Oracle
CVE-2018-2871

9.1CRITICAL

Key Information:

Vendor
Oracle
Status
Human Resources
Vendor
CVE Published:
19 April 2018

Summary

An unauthenticated access vulnerability in the Oracle Human Resources component of Oracle E-Business Suite enables attackers with network access via HTTP to exploit the system. This vulnerability allows unauthorized creation, deletion, or modification of critical data within the Oracle Human Resources module. A successful exploit results in potential access to all data within the affected Oracle Human Resources components, raising serious concerns for data integrity and confidentiality.

Affected Version(s)

Human Resources 12.1.1

Human Resources 12.1.2

Human Resources 12.1.3

References

http://www.securitytracker.com/id/1040694
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuap...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103834
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.