Lucene search

[email protected]CVE-2018-2587

HistoryApr 19, 2018 - 2:29 a.m.

CVE-2018-2587

2018-04-1902:29:00

[email protected]

web.nvd.nist.gov

cve-2018-2587

oracle access manager

fusion middleware

web server plugin

vulnerability

security

confidentiality

integrity

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.1%

JSON

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).

Affected configurations

Vulners

NVD

Node

oracleaccess_managerRange≤10.1.4.3.0

oracleaccess_managerRange≤11.1.2.3.0

oracleaccess_managerRange≤12.2.1.3.0

oracleadaptive_access_managerRange≤11.1.2.3.0

VendorProductVersionCPE
oracleaccess_manager*cpe:2.3:a:oracle:access_manager:*:*:*:*:*:*:*:*
oracleaccess_manager*cpe:2.3:a:oracle:access_manager:*:*:*:*:*:*:*:*
oracleaccess_manager*cpe:2.3:a:oracle:access_manager:*:*:*:*:*:*:*:*
oracleadaptive_access_manager*cpe:2.3:a:oracle:adaptive_access_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	access_manager	*	cpe:2.3:a:oracle:access_manager::::::::
oracle	access_manager	*	cpe:2.3:a:oracle:access_manager::::::::
oracle	access_manager	*	cpe:2.3:a:oracle:access_manager::::::::
oracle	adaptive_access_manager	*	cpe:2.3:a:oracle:adaptive_access_manager::::::::

CNA Affected

[
  {
    "product": "Access Manager",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.4.3.0"
      },
      {
        "status": "affected",
        "version": "11.1.2.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      }
    ]
  },
  {
    "product": "Adaptive Access Manager",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.2.3.0"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.securityfocus.com/bid/103822

www.securitytracker.com/id/1040695

www.oracle.com/security-alerts/cpujan2021.html

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.1%

JSON

Related for CVE-2018-2587

prion1 nvd1 cvelist1 f51 nessus1 oracle2