CVE-2018-2934

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Link Resource
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch Vendor Advisory
http://www.securityfocus.com/bid/104836 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041309 Broken Link Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:e-business_suite:12.1.3:*:*:*:*:*:*:*

History

15 Feb 2024, 20:37

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-665
References () http://www.securityfocus.com/bid/104836 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/104836 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1041309 - () http://www.securitytracker.com/id/1041309 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2018-07-18 13:29

Updated : 2024-02-15 20:37


NVD link : CVE-2018-2934

Mitre link : CVE-2018-2934

CVE.ORG link : CVE-2018-2934


JSON object : View

Products Affected

oracle

  • e-business_suite
CWE
CWE-665

Improper Initialization