Unauthenticated Access Vulnerability in Oracle Communications Messaging Server
CVE-2018-2936

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 18 July 2018

Summary

An exploitable vulnerability exists in Oracle Communications Messaging Server that can be triggered by an unauthenticated attacker with network access via HTTP. This vulnerability allows the attacker to compromise the Messaging Server, potentially affecting user data. Successful exploitation requires human interaction from an individual other than the attacker. While the vulnerability specifically targets the Messaging Server, its ramifications may extend to other associated products, leading to unauthorized operations such as updates, inserts, and deletions of accessible data. Additionally, it can allow for unauthorized read access to a subset of this data, compromising its confidentiality and integrity.

Affected Version(s)

Communications Convergence 3.x

References

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
