Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).
{"id": "CVE-2018-2768", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2018-2768", "description": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).", "published": "2018-04-19T02:29:00", "modified": "2019-10-03T00:03:00", "epss": [{"cve": "CVE-2018-2768", "epss": 0.0102, "percentile": 0.81666, "modified": "2023-06-07"}], "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 4.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2768", "reporter": "secalert_us@oracle.com", "references": ["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "http://www.securitytracker.com/id/1040695", "http://www.securityfocus.com/bid/103815"], "cvelist": ["CVE-2018-2768"], "immutableFields": [], "lastseen": "2023-06-07T14:52:04", "viewCount": 24, "enchantments": {"dependencies": {"references": [{"type": "ibm", "idList": ["0AC7DE991DF402831E8AD32E4C18270626833A138940F88E5E06E77DEC0B4EE8", "2A84C7580EAED7276A9993E833138AE80A43F567508BEBF1A41E640D7981916B"]}, {"type": "mscve", "idList": ["MS:ADV180010"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_OOB_JUN_EXCHANGE.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018"]}]}, "score": 
{"value": 4.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "ibm", "idList": ["2A84C7580EAED7276A9993E833138AE80A43F567508BEBF1A41E640D7981916B"]}, {"type": "mscve", "idList": ["MS:ADV180010"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_OOB_JUN_EXCHANGE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882953"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018-3678067"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "oracle outside in technology", "version": 8}]}, "epss": [{"cve": "CVE-2018-2768", "epss": 0.01114, "percentile": 0.82445, "modified": "2023-05-06"}], "vulnersScore": 4.0}, "_state": {"dependencies": 1686150426, "score": 1686149893, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "37926a21561db09aec6b120714ed5cb9"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:oracle:outside_in_technology:8.5.3"], "cpe23": ["cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "oracle:outside_in_technology", "version": "8.5.3", "operator": "eq", "name": "oracle outside in technology"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://www.securitytracker.com/id/1040695", "name": "1040695", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "http://www.securityfocus.com/bid/103815", "name": "103815", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"]}], "product_info": [{"vendor": "Oracle 
Corporation", "product": "Outside In Technology"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.", "lang": "en", "type": "text"}]}], "exploits": []}
{"ibm": [{"lastseen": "2023-02-21T21:48:22", "description": "## Summary\n\nSecurity Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation. \nOracle OIT issues disclosed in the Oracle April 2018 Critical Patch Update.\n\n## Vulnerability Details\n\n**Advisory CVEs: **\n\n**CVEID:** [_CVE-2018-2768_](<https://vulners.com/cve/CVE-2018-2768>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141924_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141924>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2801_](<https://vulners.com/cve/CVE-2018-2801>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Image Export SDK component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. 
\nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141957_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141957>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2806_](<https://vulners.com/cve/CVE-2018-2806>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141962_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141962>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)\n\n## Affected Products and Versions\n\nFileNet Content Manager 5.2.1, 5.5.0 \nIBM Content Foundation 5.2.1, 5.5.0\n\n## Remediation/Fixes\n\nTo resolve these vulnerabilities, install one of the patch sets listed below to upgrade Oracle Outside In Technology (OIT) to the April 2018 v8.5.3 patch 27695571 release.\n\n**Product** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nFileNet Content Manager | 5.2.1 \n \n5.5.0 | [_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) \n[_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) \n[_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) \n[_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) | [_5.2.1.7-P8CPE-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.7&platform=All&function=all>) \\- 5/24/2018 
\n[_5.2.1.7-P8CSS-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Search+Services&release=5.2.1.7&platform=All&function=all>) \\- 5/24/2018 \n5.5.1.0-P8CPE - 6/28/2018 \n5.5.1.0-P8CSS - 6/28/2018 \nIBM Content Foundation | 5.2.1 \n \n5.5.0 | [_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) \n[_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) \n[_PJ45337_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45337>) \n[_PJ45338_](<http://www.ibm.com/support/docview.wss?uid=swg1PPJ45338>) | [_5.2.1.7-P8CPE-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Engine&release=5.2.1.7&platform=All&function=all>) \\- 5/24/2018 \n[_5.2.1.7-P8CSS-IF002_](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet%20Product%20Family&product=ibm/Information+Management/FileNet+Content+Search+Services&release=5.2.1.7&platform=All&function=all>) \\- 5/24/2018 \n5.5.1.0-P8CPE - 6/28/2018 \n5.5.1.0-P8CSS - 6/28/2018 \n \n \nIn the above table, the APAR links will provide more information about the fix. 
\n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2018-08-17T09:36:22", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect Oracle Outside In Technology (OIT) Version 8.5.3 used by IBM FileNet Content Manager and IBM Content Foundation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2768", "CVE-2018-2801", "CVE-2018-2806"], "modified": "2018-08-17T09:36:22", "id": "2A84C7580EAED7276A9993E833138AE80A43F567508BEBF1A41E640D7981916B", "href": "https://www.ibm.com/support/pages/node/715201", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-05-04T15:10:03", "description": "## Summary\n\nIBM Rational DOORS Next Generation\u00ae is affected by multiple vulnerabilities in the Oracle Outside In Technology\u00ae that is used as a component.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2768](<https://vulners.com/cve/CVE-2018-2768>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated 
attacker to cause high confidentiality impact, no integrity impact, and low availability impact. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141924> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)\n\n**CVEID:** [CVE-2018-2801](<https://vulners.com/cve/CVE-2018-2801>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Image Export SDK component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141957> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)\n\n**CVEID:** [CVE-2018-2806](<https://vulners.com/cve/CVE-2018-2806>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Fusion Middleware related to the Outside In Technology Outside In Filters component could allow an unauthenticated attacker to cause high confidentiality impact, no integrity impact, and low availability impact. 
\nCVSS Base Score: 7.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141962> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)\n\n## Affected Products and Versions\n\nRational DOORS Next Generation 6.0.5\n\nPrevious versions are not affected\n\n## Remediation/Fixes\n\nFor Rational DOORS Next Generation 6.0.5, a fix is available by upgrading to 6.0.5 iFix006 or later \n[_Rational DOORS Next Generation 6.0.5 iFix006_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+DOORS+Next+Generation&release=6.0.5&platform=All&function=all>) \n \nFor any prior versions of the products listed above, IBM recommends upgrading to a fixed, supported version/release/platform of the product. \n \nIf the iFix is not found in the iFix Portal please contact IBM support.\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation (CVE-2018-2768, CVE-2018-2801, CVE-2018-2806)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2768", "CVE-2018-2801", "CVE-2018-2806"], "modified": "2021-04-28T18:35:50", "id": "0AC7DE991DF402831E8AD32E4C18270626833A138940F88E5E06E77DEC0B4EE8", "href": "https://www.ibm.com/support/pages/node/715275", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:28:46", "description": "The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities", "cvss3": {}, "published": "2018-06-22T00:00:00", "type": "nessus", "title": "Security Updates for Exchange (Jun 2018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2768", "CVE-2018-2801", "CVE-2018-2806"], "modified": "2019-11-04T00:00:00", "cpe": ["cpe:/a:microsoft:exchange_server"], "id": "SMB_NT_MS18_OOB_JUN_EXCHANGE.NASL", "href": "https://www.tenable.com/plugins/nessus/110642", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110642);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/11/04\");\n\n script_cve_id(\"CVE-2018-2768\", \"CVE-2018-2801\", \"CVE-2018-2806\");\n script_bugtraq_id(103815, 103816, 103819);\n\n script_name(english:\"Security Updates for Exchange (Jun 2018)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Exchange Server installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Exchange Server installed on the remote host\nis missing security updates. 
It is, therefore, affected by\nmultiple vulnerabilities\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180010\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?819cd7a6\");\n # http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76507bf8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n -KB4295699\n -KB4099855\n -KB4099852\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2768\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:exchange_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_exchange_installed.nbin\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = 'Microsoft Exchange';\nport = kb_smb_transport();\n\nkbs = [\n 'KB4295699',\n 'KB4099855',\n 'KB4099852'\n];\n\nreport = '';\n\n# Check install and determine fixed version\ninstall = get_single_install(app_name:appname);\n\npath = install[\"path\"];\nversion = install[\"version\"];\nrelease = install[\"RELEASE\"];\n\nif (release != 140 && release != 150 && release != 151)\n audit(AUDIT_INST_VER_NOT_VULN, appname, version);\n\nif (!empty_or_null(install[\"SP\"]))\n sp = install[\"SP\"];\nif (!empty_or_null(install[\"CU\"]))\n cu = install[\"CU\"];\n\nif (release == 140) # Exchange Server 2010 SP3\n{\n fixedver = \"14.3.411.0\";\n kb = kbs[0];\n}\nelse if (release == 150) # Exchange Server 2013\n{\n fixedver = \"15.0.1395.4\";\n kb = kbs[1];\n}\nelse if (release == 151) # Exchange Server 2016\n{\n fixedver = \"15.1.1531.3\";\n kb = kbs[2];\n}\n\nif (!fixedver)\n audit(AUDIT_HOST_NOT, 'affected');\n\n\n# Check version of binary to verify\nif ( hcf_init == 0 )\n{\n if(hotfix_check_fversion_init() != HCF_OK)\n exit(0, \"Could not start an SMB session\");\n}\n\ndir_path = hotfix_append_path(path:path, value:'Bin');\nexe_path = hotfix_append_path(path:dir_path, value:'ExSetup.exe');\n\nif ( hotfix_file_exists(path:exe_path) &&\n hotfix_check_fversion(file:\"ExSetup.exe\", path:dir_path, version:fixedver) == HCF_OLDER )\n{\n report =\n '\\n Path : ' + exe_path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixedver +\n '\\n Patch : ' + kb +\n '\\n';\n}\nhotfix_check_fversion_end();\n\nif ( report != '' )\n security_report_v4(port:port, severity:SECURITY_WARNING, 
extra:report);\nelse\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mscve": [{"lastseen": "2023-06-07T15:23:57", "description": "Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. The June 19, 2018 releases of Microsoft Exchange Server contain fixes to the following vulnerabilities, which are described in:\n\n * [Oracle Critical Patch Update Advisory - April 2018](<http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html>): CVE-2018-2768, CVE-2018-2806, CVE-2018-2801.\n\nThe following software releases include updates to address the identified vulnerabilities. Product versions or releases that are not listed are past their support life cycle or must be updated to the appropriate June 19, 2018 release of Microsoft Exchange Server to receive the fixes for these vulnerabilities.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2018-06-19T07:00:00", "type": "mscve", "title": "June 2018 Oracle Outside In Library Security Update", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2768", "CVE-2018-2801", "CVE-2018-2806"], 
"modified": "2018-06-19T07:00:00", "id": "MS:ADV180010", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV180010", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "oracle": [{"lastseen": "2023-06-07T15:05:52", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 255 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2383583.1>).\n\nThe January 2018 Critical Patch Update provided patches in response to the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) processor vulnerabilities. 
Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note ([Doc ID 2347948.1](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2347948.1>)) for information on how to obtain these patches.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-17T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - April 2018", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1768", "CVE-2014-0054", "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-3092", "CVE-2016-3506", "CVE-2016-5007", "CVE-2016-5019", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6814", "CVE-2016-7052", "CVE-2016-8745", "CVE-2016-9878", "CVE-2017-10393", "CVE-2017-10400", "CVE-2017-12617", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-15095", "CVE-2017-15707", 
"CVE-2017-17562", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7525", "CVE-2017-7674", "CVE-2017-7805", "CVE-2017-9798", "CVE-2018-0739", "CVE-2018-2563", "CVE-2018-2572", "CVE-2018-2587", "CVE-2018-2628", "CVE-2018-2718", "CVE-2018-2737", "CVE-2018-2738", "CVE-2018-2739", "CVE-2018-2742", "CVE-2018-2746", "CVE-2018-2747", "CVE-2018-2748", "CVE-2018-2749", "CVE-2018-2750", "CVE-2018-2752", "CVE-2018-2753", "CVE-2018-2754", "CVE-2018-2755", "CVE-2018-2756", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2760", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2763", "CVE-2018-2764", "CVE-2018-2765", "CVE-2018-2766", "CVE-2018-2768", "CVE-2018-2769", "CVE-2018-2770", "CVE-2018-2771", "CVE-2018-2772", "CVE-2018-2773", "CVE-2018-2774", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2783", "CVE-2018-2784", "CVE-2018-2785", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2788", "CVE-2018-2789", "CVE-2018-2790", "CVE-2018-2791", "CVE-2018-2792", "CVE-2018-2793", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2801", "CVE-2018-2802", "CVE-2018-2803", "CVE-2018-2804", "CVE-2018-2805", "CVE-2018-2806", "CVE-2018-2807", "CVE-2018-2808", "CVE-2018-2809", "CVE-2018-2810", "CVE-2018-2811", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2814", "CVE-2018-2815", "CVE-2018-2816", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2820", "CVE-2018-2821", "CVE-2018-2822", "CVE-2018-2823", "CVE-2018-2824", "CVE-2018-2825", "CVE-2018-2826", "CVE-2018-2827", "CVE-2018-2828", "CVE-2018-2829", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2832", "CVE-2018-2833", "CVE-2018-2834", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2838", "CVE-2018-2839", "CVE-2018-2840", 
"CVE-2018-2841", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2846", "CVE-2018-2847", "CVE-2018-2848", "CVE-2018-2849", "CVE-2018-2850", "CVE-2018-2851", "CVE-2018-2852", "CVE-2018-2853", "CVE-2018-2854", "CVE-2018-2855", "CVE-2018-2856", "CVE-2018-2857", "CVE-2018-2858", "CVE-2018-2859", "CVE-2018-2860", "CVE-2018-2861", "CVE-2018-2862", "CVE-2018-2863", "CVE-2018-2864", "CVE-2018-2865", "CVE-2018-2866", "CVE-2018-2867", "CVE-2018-2868", "CVE-2018-2869", "CVE-2018-2870", "CVE-2018-2871", "CVE-2018-2872", "CVE-2018-2873", "CVE-2018-2874", "CVE-2018-2876", "CVE-2018-2877", "CVE-2018-2878", "CVE-2018-2879", "CVE-2018-7489"], "modified": "2018-12-10T00:00:00", "id": "ORACLE:CPUAPR2018", "href": "https://www.oracle.com/security-alerts/cpuapr2018.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}