Unauthorized Access Vulnerability in Oracle Enterprise Manager Products Suite
CVE-2018-2976
8.2HIGH
Summary
A vulnerability exists within the Enterprise Manager Ops Center of Oracle's Enterprise Manager Products Suite that can be easily exploited. An unauthenticated attacker with network access through HTTP can compromise the Enterprise Manager Ops Center. Successful exploitation can lead to unauthorized access to sensitive information and complete control over accessible data, including the ability to update, insert, or delete records. This poses serious risks to the confidentiality and integrity of the data managed by the Ops Center, making it crucial for organizations using affected versions to apply security updates.
Affected Version(s)
Enterprise Manager Ops Center 12.2.2
References
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved