Lucene search

OracleCVE-2018-2765

HistoryApr 19, 2018 - 2:29 a.m.

CVE-2018-2765

2018-04-1902:29:01

oracle

web.nvd.nist.gov

cve-2018-2765

oracle

security service

vulnerability

oracle fusion middleware

ssl api

cvss 3.0

nvd

network access

https

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected configurations

Nvd

Vulners

Node

oraclesecurity_serviceMatch11.1.1.9.0

oraclesecurity_serviceMatch12.1.3.0.0

oraclesecurity_serviceMatch12.2.1.2.0

oraclesecurity_serviceMatch12.2.1.3.0

VendorProductVersionCPE
oraclesecurity_service11.1.1.9.0cpe:2.3:a:oracle:security_service:11.1.1.9.0:*:*:*:*:*:*:*
oraclesecurity_service12.1.3.0.0cpe:2.3:a:oracle:security_service:12.1.3.0.0:*:*:*:*:*:*:*
oraclesecurity_service12.2.1.2.0cpe:2.3:a:oracle:security_service:12.2.1.2.0:*:*:*:*:*:*:*
oraclesecurity_service12.2.1.3.0cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	security_service	11.1.1.9.0	cpe:2.3:a:oracle:security_service:11.1.1.9.0:::::::*
oracle	security_service	12.1.3.0.0	cpe:2.3:a:oracle:security_service:12.1.3.0.0:::::::*
oracle	security_service	12.2.1.2.0	cpe:2.3:a:oracle:security_service:12.2.1.2.0:::::::*
oracle	security_service	12.2.1.3.0	cpe:2.3:a:oracle:security_service:12.2.1.3.0:::::::*

CNA Affected

[
  {
    "product": "Security Service",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.1.9.0"
      },
      {
        "status": "affected",
        "version": "12.1.3.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.2.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      }
    ]
  },
  {
    "product": "Database - Enterprise Edition",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.2.0.4"
      },
      {
        "status": "affected",
        "version": "12.1.0.2"
      },
      {
        "status": "affected",
        "version": "12.2.0.1"
      }
    ]
  }
]

References

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.securityfocus.com/bid/103808

www.securitytracker.com/id/1040695

www.oracle.com/security-alerts/cpuoct2020.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

Related for CVE-2018-2765