Security Flaw in Oracle Application Testing Suite by Oracle
CVE-2018-3305

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Application Testing Suite
Vendor: CVE Published:; 16 January 2019

Summary

A security vulnerability exists in the Oracle Application Testing Suite component within Oracle Enterprise Manager Products Suite, particularly affecting versions 12.5.0.3, 13.1.0.1, 13.2.0.1, and 13.3.0.1. This vulnerability enables a low-privileged attacker with network access via HTTP to compromise the suite, leading to unauthorized data manipulation (insert, update, delete) and unauthorized read access. Additionally, it may allow the attacker to partially disrupt service availability. These risks pose serious threats to the confidentiality and integrity of the information managed by the Oracle Application Testing Suite.

Affected Version(s)

Application Testing Suite 12.5.0.3

Application Testing Suite 13.1.0.1

Application Testing Suite 13.2.0.1

References

http://www.securityfocus.com/bid/106615

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 15, 2017