Unauthorized Access in Oracle iLearning by Oracle
CVE-2018-2989

8.2HIGH

Key Information:

Vendor: Oracle
Status: Ilearning
Vendor: CVE Published:; 18 July 2018

Summary

The vulnerability in the Oracle iLearning component permits unauthenticated attackers with network access to compromise the application. By leveraging this flaw, an attacker can gain unauthorized access to sensitive information stored within Oracle iLearning. Although the exploitation requires human interaction from a third party, its implications extend to all data accessible through Oracle iLearning. This could lead to unauthorized updates and deletions, jeopardizing the integrity and confidentiality of crucial data.

Affected Version(s)

iLearning 6.2

References

http://www.securityfocus.com/bid/104792

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017