Oracle E-Business Suite Vulnerability in Oracle Applications Framework
CVE-2018-3243

8.2HIGH

Key Information:

Vendor
Oracle
Status
Applications Framework
Vendor
CVE Published:
17 October 2018

Summary

The Oracle Applications Framework within Oracle E-Business Suite has a vulnerability that allows unauthenticated attackers with network access via HTTP to compromise the framework. Although successful exploitation requires human interaction from a user other than the attacker, the implications of this vulnerability can be severe. It may lead to unauthorized access to sensitive data and allow attackers to perform critical operations, including updating, inserting, or deleting data within the accessible Oracle Applications Framework. This situation poses significant risks to the integrity and confidentiality of the organization's information.

Affected Version(s)

Applications Framework 12.1.3

Applications Framework 12.2.3

Applications Framework 12.2.4

References

http://www.securityfocus.com/bid/105630
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041897
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.