User Group Management Vulnerability in Oracle Agile Product Lifecycle Management
CVE-2018-3134

5MEDIUM

Key Information:

Vendor: Oracle
Status: Agile Product Lifecycle Management For Process
Vendor: CVE Published:; 17 October 2018

Summary

A vulnerability exists in the User Group Management component of Oracle Agile Product Lifecycle Management for Process. This issue could allow a low-privileged attacker with system access to manipulate critical data. Exploiting this vulnerability requires human interaction from another user, which could lead to unauthorized creation, deletion, or modification of data within the Oracle Agile system. Additionally, attackers may gain unauthorized reading access to subsets of accessible data, potentially compromising sensitive information handled by Oracle's Supply Chain Products Suite.

Affected Version(s)

Agile Product Lifecycle Management for Process 6.2.0.0

References

http://www.securityfocus.com/bid/105635

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017