CVE-2018-2954

{"id": "CVE-2018-2954", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2018-07-18T13:29:03.053", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/104834", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1041309", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/104834", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1041309", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Order Management component of Oracle E-Business Suite (subcomponent: Product Diagnostic Tools). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Order Management executes to compromise Oracle Order Management. Successful attacks of this vulnerability can result in takeover of Oracle Order Management. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Oracle Order Management de Oracle E-Business Suite (subcomponente: Product Diagnostic Tools). Las versiones compatibles que se han visto afectadas son la 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 y la 12.2.7. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante con un bajo nivel de privilegios y con permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Oracle Order Management comprometa la seguridad de Oracle Order Management. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle Order Management. CVSS 3.0 Base Score 7.0 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."}], "lastModified": "2024-11-21T04:04:49.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:order_management:12.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C890197-8DE6-4F5F-A711-1148779D612A"}, {"criteria": "cpe:2.3:a:oracle:order_management:12.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "777FF4BF-E290-4EDB-AEF6-2D0AFE4E0FD7"}, {"criteria": "cpe:2.3:a:oracle:order_management:12.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAE82704-C50D-4FD7-96EF-85A09239426E"}, {"criteria": "cpe:2.3:a:oracle:order_management:12.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FCF902F-8A86-47DC-935F-FE1634F9649C"}, {"criteria": "cpe:2.3:a:oracle:order_management:12.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49D43985-5019-4154-9FD3-094305B71E5A"}, {"criteria": "cpe:2.3:a:oracle:order_management:12.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A96732A1-05C9-461B-95AC-7205840CF525"}, {"criteria": "cpe:2.3:a:oracle:order_management:12.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46779BBB-C23D-44E8-B351-C5553F644666"}, {"criteria": "cpe:2.3:a:oracle:order_management:12.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CDB1333-CD13-4B12-B503-3A9A2955B228"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}