Lucene search

OracleCVE-2018-2670

HistoryJan 18, 2018 - 2:29 a.m.

CVE-2018-2670

2018-01-1802:29:22

oracle

web.nvd.nist.gov

cve-2018-2670

oracle financial services

profitability management

vulnerability

security

access

http

cvss 3.0

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON

Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Profitability Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Profitability Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Profitability Management accessible data as well as unauthorized read access to a subset of Oracle Financial Services Profitability Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Affected configurations

Nvd

Vulners

Node

oraclefinancial_services_profitability_managementMatch6.1.0.0.0

oraclefinancial_services_profitability_managementMatch6.1.0.2.2

oraclefinancial_services_profitability_managementMatch6.1.1.0.0

oraclefinancial_services_profitability_managementMatch8.0.0.0.0

oraclefinancial_services_profitability_managementMatch8.0.1.0.0

oraclefinancial_services_profitability_managementMatch8.0.2.0.0

oraclefinancial_services_profitability_managementMatch8.0.3.0.0

oraclefinancial_services_profitability_managementMatch8.0.4.0.0

oraclefinancial_services_profitability_managementMatch8.0.5.0.0

VendorProductVersionCPE
oraclefinancial_services_profitability_management6.1.0.0.0cpe:2.3:a:oracle:financial_services_profitability_management:6.1.0.0.0:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management6.1.0.2.2cpe:2.3:a:oracle:financial_services_profitability_management:6.1.0.2.2:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management6.1.1.0.0cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1.0.0:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management8.0.0.0.0cpe:2.3:a:oracle:financial_services_profitability_management:8.0.0.0.0:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management8.0.1.0.0cpe:2.3:a:oracle:financial_services_profitability_management:8.0.1.0.0:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management8.0.2.0.0cpe:2.3:a:oracle:financial_services_profitability_management:8.0.2.0.0:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management8.0.3.0.0cpe:2.3:a:oracle:financial_services_profitability_management:8.0.3.0.0:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management8.0.4.0.0cpe:2.3:a:oracle:financial_services_profitability_management:8.0.4.0.0:*:*:*:*:*:*:*
oraclefinancial_services_profitability_management8.0.5.0.0cpe:2.3:a:oracle:financial_services_profitability_management:8.0.5.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	financial_services_profitability_management	6.1.0.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:6.1.0.0.0:::::::*
oracle	financial_services_profitability_management	6.1.0.2.2	cpe:2.3:a:oracle:financial_services_profitability_management:6.1.0.2.2:::::::*
oracle	financial_services_profitability_management	6.1.1.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:6.1.1.0.0:::::::*
oracle	financial_services_profitability_management	8.0.0.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.0.0.0:::::::*
oracle	financial_services_profitability_management	8.0.1.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.1.0.0:::::::*
oracle	financial_services_profitability_management	8.0.2.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.2.0.0:::::::*
oracle	financial_services_profitability_management	8.0.3.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.3.0.0:::::::*
oracle	financial_services_profitability_management	8.0.4.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.4.0.0:::::::*
oracle	financial_services_profitability_management	8.0.5.0.0	cpe:2.3:a:oracle:financial_services_profitability_management:8.0.5.0.0:::::::*

CNA Affected

[
  {
    "product": "Financial Services Profitability Management",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.x"
      },
      {
        "status": "affected",
        "version": "8.0.x"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

www.securityfocus.com/bid/102676

www.securitytracker.com/id/1040214

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

50.3%

JSON

Related for CVE-2018-2670