High Privilege Vulnerability in Oracle Agile Product Lifecycle Management for Process
CVE-2018-3069

2.7LOW

Key Information:

Vendor: Oracle
Status: Agile Product Lifecycle Management For Process
Vendor: CVE Published:; 18 July 2018

Summary

A vulnerability exists in Oracle Agile Product Lifecycle Management for Process where high-privileged attackers with network access via HTTP can compromise the system. This allows them to gain unauthorized read access to sensitive data contained within Oracle Agile PLM. The affected version, 6.2.0.0, demonstrates a significant risk, as attackers can exploit this vulnerability with relatively low effort, posing a serious threat to data confidentiality and integrity.

Affected Version(s)

Agile Product Lifecycle Management for Process 6.2.0.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104770

vdb-entryx_refsource_BID

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2018
Vulnerability Reserved
Dec 15, 2017