fkie_cve-2018-2749
Vulnerability from fkie_nvd
Published
2018-04-19 02:29
Modified
2024-11-21 04:04
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/103864Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.securitytracker.com/id/1040693Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103864Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040693Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
oracle banking_corporate_lending 12.3.0
oracle banking_corporate_lending 12.4.0
oracle banking_corporate_lending 12.5.0
oracle banking_corporate_lending 14.0.0
oracle banking_payments 12.3.0
oracle banking_payments 12.4.0
oracle banking_payments 12.5.0
oracle banking_payments 14.0.0
oracle flexcube_enterprise_limits_and_collateral_management 12.3.0
oracle flexcube_enterprise_limits_and_collateral_management 14.0.0
oracle flexcube_investor_servicing 12.0.4
oracle flexcube_investor_servicing 12.1.0
oracle flexcube_investor_servicing 12.3.0
oracle flexcube_investor_servicing 12.4.0
oracle flexcube_universal_banking 11.3.0
oracle flexcube_universal_banking 11.4.0
oracle flexcube_universal_banking 12.0.1
oracle flexcube_universal_banking 12.0.2
oracle flexcube_universal_banking 12.0.3
oracle flexcube_universal_banking 12.1.0
oracle flexcube_universal_banking 12.2.0
oracle flexcube_universal_banking 12.3.0
oracle flexcube_universal_banking 12.4.0
oracle flexcube_universal_banking 14.0.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:banking_corporate_lending:12.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "38C8F66A-D6CC-4B59-B2FC-299A4332360F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_corporate_lending:12.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AB5104F-057C-4887-BEAF-7A59D11DFB23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_corporate_lending:12.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6A9144-B6C5-482B-B91E-58BC196FFA68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_corporate_lending:14.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A29D91D2-687E-4671-88DC-9D36BB5EDAB7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:banking_payments:12.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5723C585-7087-46F1-949C-FED9A56A386A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_payments:12.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADFA6852-C1B5-4778-A238-40A8FAB46DD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_payments:12.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF33F6D1-56E6-414A-B0FB-B09A2E6154AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BE6EB99-98BF-49A2-8890-829320607A1B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_enterprise_limits_and_collateral_management:12.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "90447192-DB29-41D5-AF1F-0364A2893ED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_enterprise_limits_and_collateral_management:14.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D061FB7-A8B4-4D2C-BB76-38B977F1A12B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "21BE77B2-6368-470E-B9E6-21664D9A818A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3250073F-325A-4AFC-892F-F2005E3854A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDAB2438-6836-4632-A344-3486F0661D17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4703D070-2171-4501-9EF1-A417AB111D95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "501D0455-4A7E-496A-9D92-CD2A0E9ECC62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "097B84AB-C16F-48B4-BFCE-DB87D607EC5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9EF4050-D40E-4D2E-91B9-5387B2464208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CA52AE9-989E-40B4-A9CF-9E45EABEB54B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:12.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77DAFCA5-2BAD-4382-8AEB-862E10B87161",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3D55FB5-8ED8-4797-B5BC-545477AF7347",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:flexcube_universal_banking:14.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "93B0DE54-8EFB-4B79-B423-215D64E89097",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el componente Oracle Banking Corporate Lending de Oracle Financial Services Applications (subcomponente: Core module). Las versiones soportadas que se han visto afectadas son la 12.3.0, 12.4.0, 12.5.0 y la 14.0.0. Una vulnerabilidad fácilmente explotable permite que un atacante con un bajo nivel de privilegios que tenga acceso a red por HTTP comprometa la seguridad de Oracle Banking Corporate Lending. Para que los ataques tengan éxito, se necesita la participación de otra persona diferente del atacante y, aunque la vulnerabilidad está presente en Oracle Banking Corporate Lending, los ataques podrían afectar seriamente a productos adicionales. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualización, inserción o supresión de algunos de los datos accesibles de Oracle Banking Corporate Lending; así como en el acceso de lectura sin autorización de un subconjunto de datos accesibles de Oracle Banking Corporate Lending. CVSS 3.0 Base Score 5.4 (impactos de confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",
      },
   ],
   id: "CVE-2018-2749",
   lastModified: "2024-11-21T04:04:22.107",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-19T02:29:01.117",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103864",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040693",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103864",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040693",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.