Vulnerabilites related to Oracle Corporation - General Ledger
cve-2021-2237
Vulnerability from cvelistv5
Published
2021-04-22 21:53
Modified
2024-09-26 15:04
Summary
Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1-12.1.3
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:38:56.225Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-2237",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-26T14:48:51.315685Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-26T15:04:34.012Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1-12.1.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-22T21:53:54",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2021-2237",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1-12.1.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "8.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2021-2237",
      datePublished: "2021-04-22T21:53:54",
      dateReserved: "2020-12-09T00:00:00",
      dateUpdated: "2024-09-26T15:04:34.012Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-2866
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:09
Severity ?
Summary
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1
Version: 12.1.2
Version: 12.1.3
Version: 12.2.3
Version: 12.2.4
Version: 12.2.5
Version: 12.2.6
Version: 12.2.7
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:29:45.144Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040694",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040694",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  name: "103873",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103873",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-2866",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T19:13:37.609583Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T20:09:52.761Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1",
                  },
                  {
                     status: "affected",
                     version: "12.1.2",
                  },
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.4",
                  },
                  {
                     status: "affected",
                     version: "12.2.5",
                  },
                  {
                     status: "affected",
                     version: "12.2.6",
                  },
                  {
                     status: "affected",
                     version: "12.2.7",
                  },
               ],
            },
         ],
         datePublic: "2018-03-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-19T09:57:01",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "1040694",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040694",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               name: "103873",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103873",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2018-2866",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.6",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040694",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040694",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  },
                  {
                     name: "103873",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103873",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2018-2866",
      datePublished: "2018-04-19T02:00:00",
      dateReserved: "2017-12-15T00:00:00",
      dateUpdated: "2024-10-03T20:09:52.761Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-2872
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:09
Severity ?
Summary
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1
Version: 12.1.2
Version: 12.1.3
Version: 12.2.3
Version: 12.2.4
Version: 12.2.5
Version: 12.2.6
Version: 12.2.7
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:36:38.363Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040694",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040694",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  name: "103865",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103865",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-2872",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T19:13:41.637611Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T20:09:06.861Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1",
                  },
                  {
                     status: "affected",
                     version: "12.1.2",
                  },
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.4",
                  },
                  {
                     status: "affected",
                     version: "12.2.5",
                  },
                  {
                     status: "affected",
                     version: "12.2.6",
                  },
                  {
                     status: "affected",
                     version: "12.2.7",
                  },
               ],
            },
         ],
         datePublic: "2018-03-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-19T09:57:01",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "1040694",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040694",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               name: "103865",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103865",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2018-2872",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.6",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040694",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040694",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  },
                  {
                     name: "103865",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103865",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2018-2872",
      datePublished: "2018-04-19T02:00:00",
      dateReserved: "2017-12-15T00:00:00",
      dateUpdated: "2024-10-03T20:09:06.861Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-2873
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:08
Severity ?
Summary
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1
Version: 12.1.2
Version: 12.1.3
Version: 12.2.3
Version: 12.2.4
Version: 12.2.5
Version: 12.2.6
Version: 12.2.7
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:36:38.315Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040694",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040694",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  name: "103867",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103867",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-2873",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T19:13:40.074982Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T20:08:58.796Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1",
                  },
                  {
                     status: "affected",
                     version: "12.1.2",
                  },
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.4",
                  },
                  {
                     status: "affected",
                     version: "12.2.5",
                  },
                  {
                     status: "affected",
                     version: "12.2.6",
                  },
                  {
                     status: "affected",
                     version: "12.2.7",
                  },
               ],
            },
         ],
         datePublic: "2018-03-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-19T09:57:01",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "1040694",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040694",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               name: "103867",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103867",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2018-2873",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.6",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040694",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040694",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  },
                  {
                     name: "103867",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103867",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2018-2873",
      datePublished: "2018-04-19T02:00:00",
      dateReserved: "2017-12-15T00:00:00",
      dateUpdated: "2024-10-03T20:08:58.796Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-10245
Vulnerability from cvelistv5
Published
2017-08-08 15:00
Modified
2024-10-04 17:05
Severity ?
Summary
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1
Version: 12.1.2
Version: 12.1.3
Version: 12.2.3
Version: 12.2.4
Version: 12.2.5
Version: 12.2.6
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T17:33:16.928Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "99690",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99690",
               },
               {
                  name: "1038926",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038926",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2017-10245",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-04T15:36:14.130260Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-04T17:05:14.745Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1",
                  },
                  {
                     status: "affected",
                     version: "12.1.2",
                  },
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.4",
                  },
                  {
                     status: "affected",
                     version: "12.2.5",
                  },
                  {
                     status: "affected",
                     version: "12.2.6",
                  },
               ],
            },
         ],
         datePublic: "2017-07-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-09T09:57:01",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "99690",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99690",
            },
            {
               name: "1038926",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038926",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2017-10245",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.6",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "99690",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/99690",
                  },
                  {
                     name: "1038926",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038926",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2017-10245",
      datePublished: "2017-08-08T15:00:00",
      dateReserved: "2017-06-21T00:00:00",
      dateUpdated: "2024-10-04T17:05:14.745Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-2638
Vulnerability from cvelistv5
Published
2019-04-23 18:16
Modified
2024-10-02 15:58
Severity ?
Summary
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1
Version: 12.1.2
Version: 12.1.3
Version: 12.2.3
Version: 12.2.4
Version: 12.2.5
Version: 12.2.6
Version: 12.2.7
Version: 12.2.8
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T18:56:45.195Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-2638",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-02T15:55:54.075571Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-02T15:58:43.284Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1",
                  },
                  {
                     status: "affected",
                     version: "12.1.2",
                  },
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.4",
                  },
                  {
                     status: "affected",
                     version: "12.2.5",
                  },
                  {
                     status: "affected",
                     version: "12.2.6",
                  },
                  {
                     status: "affected",
                     version: "12.2.7",
                  },
                  {
                     status: "affected",
                     version: "12.2.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-03T19:24:49",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2019-2638",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.6",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.7",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.8",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2019-2638",
      datePublished: "2019-04-23T18:16:42",
      dateReserved: "2018-12-14T00:00:00",
      dateUpdated: "2024-10-02T15:58:43.284Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-2656
Vulnerability from cvelistv5
Published
2018-01-18 02:00
Modified
2024-10-03 20:36
Severity ?
Summary
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1
Version: 12.1.2
Version: 12.1.3
Version: 12.2.3
Version: 12.2.4
Version: 12.2.5
Version: 12.2.6
Version: 12.2.7
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:21:34.592Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
               },
               {
                  name: "1040201",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040201",
               },
               {
                  name: "102639",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/102639",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-2656",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T19:10:50.657582Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T20:36:34.657Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1",
                  },
                  {
                     status: "affected",
                     version: "12.1.2",
                  },
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.4",
                  },
                  {
                     status: "affected",
                     version: "12.2.5",
                  },
                  {
                     status: "affected",
                     version: "12.2.6",
                  },
                  {
                     status: "affected",
                     version: "12.2.7",
                  },
               ],
            },
         ],
         datePublic: "2018-01-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-18T10:57:01",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            },
            {
               name: "1040201",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040201",
            },
            {
               name: "102639",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/102639",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2018-2656",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.6",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  },
                  {
                     name: "1040201",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040201",
                  },
                  {
                     name: "102639",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/102639",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2018-2656",
      datePublished: "2018-01-18T02:00:00",
      dateReserved: "2017-12-15T00:00:00",
      dateUpdated: "2024-10-03T20:36:34.657Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-2750
Vulnerability from cvelistv5
Published
2020-04-15 13:29
Modified
2024-09-30 15:42
Summary
Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1-12.1.3
Version: 12.2.3-12.2.9
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:17:02.423Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-2750",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-30T14:57:34.166638Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-30T15:42:43.040Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1-12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3-12.2.9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-15T13:29:44",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2020-2750",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1-12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3-12.2.9",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "7.5",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2020-2750",
      datePublished: "2020-04-15T13:29:44",
      dateReserved: "2019-12-10T00:00:00",
      dateUpdated: "2024-09-30T15:42:43.040Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-2865
Vulnerability from cvelistv5
Published
2018-04-19 02:00
Modified
2024-10-03 20:10
Severity ?
Summary
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Impacted products
Vendor Product Version
Oracle Corporation General Ledger Version: 12.1.1
Version: 12.1.2
Version: 12.1.3
Version: 12.2.3
Version: 12.2.4
Version: 12.2.5
Version: 12.2.6
Version: 12.2.7
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:29:44.832Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040694",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040694",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
               },
               {
                  name: "103869",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103869",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-2865",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T19:13:29.829538Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T20:10:01.547Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "General Ledger",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "12.1.1",
                  },
                  {
                     status: "affected",
                     version: "12.1.2",
                  },
                  {
                     status: "affected",
                     version: "12.1.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.3",
                  },
                  {
                     status: "affected",
                     version: "12.2.4",
                  },
                  {
                     status: "affected",
                     version: "12.2.5",
                  },
                  {
                     status: "affected",
                     version: "12.2.6",
                  },
                  {
                     status: "affected",
                     version: "12.2.7",
                  },
               ],
            },
         ],
         datePublic: "2018-03-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-19T09:57:01",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "1040694",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040694",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
            },
            {
               name: "103869",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103869",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2018-2865",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "General Ledger",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.1.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.3",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.6",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "12.2.7",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle General Ledger accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040694",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040694",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
                  },
                  {
                     name: "103869",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103869",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2018-2865",
      datePublished: "2018-04-19T02:00:00",
      dateReserved: "2017-12-15T00:00:00",
      dateUpdated: "2024-10-03T20:10:01.547Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}