CVE-2018-2904

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Communications Eagle Lnp Application Processor
Vendor
CVE Published:
18 July 2018

Summary

Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI). The supported version that is affected is 10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications EAGLE LNP Application Processor. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications EAGLE LNP Application Processor accessible data as well as unauthorized read access to a subset of Oracle Communications EAGLE LNP Application Processor accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

Affected Version(s)

Communications EAGLE LNP Application Processor 10.x

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041297
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104798
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.