9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:P/A:N
0.021 Low
EPSS
Percentile
89.0%
Vulnerability in the Oracle Trade Management product of Oracle E-Business
Suite (component: User Interface). Supported versions that are affected are
12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability
allows unauthenticated attacker with network access via HTTP to compromise
Oracle Trade Management. Successful attacks of this vulnerability can
result in unauthorized creation, deletion or modification access to
critical data or all Oracle Trade Management accessible data as well as
unauthorized access to critical data or complete access to all Oracle Trade
Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Author | Note |
---|---|
leosilva | since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. |
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:P/A:N
0.021 Low
EPSS
Percentile
89.0%