Unauthenticated Access Vulnerability in Oracle E-Business Suite Scripting Component
CVE-2018-2997

8.2 HIGH

Key Information:

Vendor
Oracle
Status
Vendor
CVE Published:
18 July 2018

Summary

A vulnerability exists in the Oracle Scripting component of Oracle E-Business Suite, affecting versions 12.1.1, 12.1.2, and 12.1.3. An unauthenticated attacker with network access via HTTP can exploit it, but successful exploitation requires action by a user other than the attacker. Although the vulnerability is located in the Scripting component, an attack can extend to critical data in additional products. Successful exploitation gives the attacker unauthorized access to sensitive data and may allow them to update, insert, or delete data within Oracle Scripting, posing significant risks to data integrity and confidentiality.

Affected Version(s)

Scripting 12.1.1

Scripting 12.1.2

Scripting 12.1.3

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
