CVE-2018-2859

Опубликовано: 19 апр. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach accessible data as well as unauthorized read access to a subset of Oracle Financial Services Basel Regulatory Capi

Ссылки

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/103827
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040693
Third Party Advisory
VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/103827
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040693
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00463

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jgc3-vr36-f5xr