Lucene search

K
cve[email protected]CVE-2018-2587
HistoryApr 19, 2018 - 2:29 a.m.

CVE-2018-2587

2018-04-1902:29:00
web.nvd.nist.gov
41
3
cve-2018-2587
oracle access manager
fusion middleware
web server plugin
vulnerability
security
confidentiality
integrity
nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.1%

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N).

Affected configurations

Vulners
NVD
Node
oracleaccess_managerRange10.1.4.3.0
OR
oracleaccess_managerRange11.1.2.3.0
OR
oracleaccess_managerRange12.2.1.3.0
OR
oracleadaptive_access_managerRange11.1.2.3.0
VendorProductVersionCPE
oracleaccess_manager*cpe:2.3:a:oracle:access_manager:*:*:*:*:*:*:*:*
oracleaccess_manager*cpe:2.3:a:oracle:access_manager:*:*:*:*:*:*:*:*
oracleaccess_manager*cpe:2.3:a:oracle:access_manager:*:*:*:*:*:*:*:*
oracleadaptive_access_manager*cpe:2.3:a:oracle:adaptive_access_manager:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Access Manager",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.4.3.0"
      },
      {
        "status": "affected",
        "version": "11.1.2.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      }
    ]
  },
  {
    "product": "Adaptive Access Manager",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.2.3.0"
      }
    ]
  }
]

Social References

More

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

6.3 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.1%

Related for CVE-2018-2587