Information Disclosure Vulnerability in Oracle E-Business Suite Attachments
CVE-2018-3244
5.3MEDIUM
Summary
A vulnerability exists in the Oracle Application Object Library component of Oracle E-Business Suite, specifically within the Attachments and File Upload functionality. This weakness allows unauthenticated attackers with network access over HTTP to potentially compromise system integrity. If successfully exploited, attackers may gain unauthorized privileges to update, insert, or delete data within the Oracle Application Object Library, impacting sensitive information management.
Affected Version(s)
Application Object Library 12.1.3
Application Object Library 12.2.3
Application Object Library 12.2.4
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved