Unauthenticated Access Vulnerability in Oracle SuperCluster Software by Oracle
CVE-2018-2932

7.1HIGH

Key Information:

Vendor
Oracle
Status
Supercluster Specific Software
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability in Oracle SuperCluster Specific Software allows unauthenticated attackers with network access to compromise the system, requiring human interaction for successful exploitation. The flaw enables unauthorized access to critical data, along with capabilities to update, insert, or delete data indiscriminately. Additionally, it can lead to service disruptions, including system hangs or crashes, impacting the availability of Oracle SuperCluster Software. Users are advised to upgrade their systems to version 2.5.0 or later to mitigate risks associated with this vulnerability.

Affected Version(s)

SuperCluster Specific Software < 2.5.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041303
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/104812
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.