Unauthorized Access Vulnerability in Oracle Enterprise Manager Products Suite
CVE-2018-2976

8.2HIGH

Key Information:

Vendor
Oracle
Status
Enterprise Manager Ops Center
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists within the Enterprise Manager Ops Center of Oracle's Enterprise Manager Products Suite that can be easily exploited. An unauthenticated attacker with network access through HTTP can compromise the Enterprise Manager Ops Center. Successful exploitation can lead to unauthorized access to sensitive information and complete control over accessible data, including the ability to update, insert, or delete records. This poses serious risks to the confidentiality and integrity of the data managed by the Ops Center, making it crucial for organizations using affected versions to apply security updates.

Affected Version(s)

Enterprise Manager Ops Center 12.2.2

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104796
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041308
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.