Unauthenticated Access Vulnerability in Oracle iProcurement from Oracle Corporation
CVE-2018-3151

7.5HIGH

Key Information:

Vendor
Oracle
Status
Iprocurement
Vendor
CVE Published:
17 October 2018

Summary

A vulnerability exists in the Oracle iProcurement component of Oracle E-Business Suite that allows unauthenticated attackers with network access over HTTP to potentially gain unauthorized access to sensitive data. This exploit affects various versions of the software, enabling attackers to compromise critical data without needing credentials, resulting in significant risks for organizations relying on these versions.

Affected Version(s)

iProcurement 12.1.1

iProcurement 12.1.2

iProcurement 12.1.3

References

http://www.securitytracker.com/id/1041897
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105631
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.