4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
6.6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.7%
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. While the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | commerce_platform | * | cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:* |
oracle | commerce_platform | * | cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:* |
oracle | commerce_platform | * | cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:* |
[
{
"vendor": "Oracle Corporation",
"product": "Commerce Platform",
"cpes": [
"cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "11.3.0",
"status": "affected"
},
{
"version": "11.3.1",
"status": "affected"
},
{
"version": "11.3.2",
"status": "affected"
}
]
}
]
4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
6.6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.7%