PT-2018-2259 · Oracle · Oracle Identity Analytics

Publicado

2018-10-16

Atualizado

2019-10-03

CVE-2018-3168

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions Oracle Identity Analytics version 11.1.1.5.8

Description The issue is related to insufficient access control in the Core Components subcomponent of Oracle Identity Analytics, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized read access to a subset of accessible data.

Recommendations For version 11.1.1.5.8, update to a version that addresses the insufficient access control issue in the Core Components subcomponent to prevent unauthorized data access and modification. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2019-00359

CVE-2018-3168

Produtos afetados

Oracle Identity Analytics

PT-2018-2259 · Oracle · Oracle Identity Analytics

CVE-2018-3168

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5