Lucene search

K
cve[email protected]CVE-2018-2806
HistoryApr 19, 2018 - 2:29 a.m.

CVE-2018-2806

2018-04-1902:29:04
web.nvd.nist.gov
25
cve-2018-2806
oracle
fusion middleware
vulnerability
outside in technology
http
unauthenticated
exploitable
network access
dos

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).

Affected configurations

Vulners
NVD
Node
oracleoutside_in_technologyRange8.5.3
VendorProductVersionCPE
oracleoutside_in_technology*cpe:2.3:a:oracle:outside_in_technology:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Outside In Technology",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "8.5.3"
      }
    ]
  }
]

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%