Security Vulnerability in Oracle iLearning Component - Oracle
CVE-2018-3146

8.2HIGH

Key Information:

Vendor: Oracle
Status: Ilearning
Vendor: CVE Published:; 17 October 2018

Summary

The Oracle iLearning component has a vulnerability that allows an unauthenticated attacker with network access via HTTP to exploit the system. This may lead to unauthorized access or manipulation of critical data. Notably, the vulnerability requires interaction from a user other than the attacker, enhancing the complexity of the attack. Users of affected versions (6.1 and 6.2) should be aware that successful exploitation can result in unauthorized data access, as well as the ability to insert, update, or delete information within Oracle iLearning. The impact of this vulnerability can extend to other interconnected products, posing further security risks.

Affected Version(s)

iLearning 6.1

iLearning 6.2

References

http://www.securityfocus.com/bid/105646

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017