CVE-2018-3104

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology version 8.5.3

Description The issue is related to insufficient access control in the Outside In Technology component of Oracle Fusion Middleware, specifically in the Outside In Filters subcomponent. This easily exploitable issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized access to critical data, complete access to all Oracle Outside In Technology accessible data, and the ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology.

Recommendations For Oracle Outside In Technology version 8.5.3, consider restricting access to the Outside In Technology code until a patch is available, and ensure that any software using the Outside In Technology code does not pass data received over a network directly to it without proper validation and sanitization. As a temporary workaround, consider disabling any features that directly pass network-received data to the Outside In Technology code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.