PT-2018-1429 · Oracle · Oracle Order Management

Published: 2018-07-17 · Updated: 2019-10-03 · CVE-2018-2954

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Oracle E-Business Suite versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7

Description

The issue is related to insufficient access control in the Product Diagnostic Tools component of Oracle Order Management, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle Order Management. Successful attacks can result in the takeover of Oracle Order Management.

Recommendations

For versions 12.1.1, 12.1.2, 12.1.3, update to a version that includes the necessary security patches to address the access control issue. For versions 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, apply the recommended security fixes to resolve the vulnerability. As a temporary workaround, consider restricting access to the Product Diagnostic Tools component until a patch is available.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2018-00978
CVE-2018-2954

Affected Products

Oracle E-Business Suite
Oracle Order Management