Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-3100

Опубликовано: 18 июл. 2018
Источник: nvd
CVSS3: 9.1
CVSS2: 6.4
EPSS Низкий

Описание

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:business_process_management_suite:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.02197
Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-vw8c-c6mm-8hff

CVSS3: 9.1
github
больше 3 лет назад

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: Process Analysis & Discovery). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Process Management Suite. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Process Management Suite accessible data as well as unauthorized access to critical data or complete access to all Oracle Business Process Management Suite accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

fstec логотип

BDU:2018-00944

CVSS3: 9.1
fstec
больше 7 лет назад

Уязвимость компонента Process Analysis & Discovery пакета программ для управления бизнес-процессами Business Process Management Suite, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным

EPSS

Процентиль: 84%
0.02197
Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo