Vulnerability in Oracle E-Business Suite's Partner Management Component
CVE-2018-3196

8.2HIGH

Key Information:

Vendor
Oracle
Status
Partner Management
Vendor
CVE Published:
17 October 2018

Summary

A vulnerability has been identified in the Oracle Partner Management component of Oracle E-Business Suite, affecting numerous versions. This flaw enables an unauthenticated attacker with network access via HTTP to exploit the Partner Management system, potentially leading to unauthorized access to sensitive data. While direct exploitation is possible, it necessitates human interaction from a third party. The fallout from successful exploitation can include complete access to all data accessible through Oracle Partner Management and the ability to modify, insert, or delete this data. Organizations using the affected versions should prioritize applying relevant security updates to mitigate the risk associated with this vulnerability. More details can be found in Oracle's security advisory.

Affected Version(s)

Partner Management 12.1.1

Partner Management 12.1.2

Partner Management 12.1.3

References

http://www.securitytracker.com/id/1041897
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105631
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.