CVE-2018-3010

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology version 8.5.3

Description The issue is related to inadequate access control in the Outside In Technology component of Oracle Fusion Middleware, specifically in the Outside In Filters subcomponent. This easily exploitable flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, potentially resulting in unauthorized access to critical data or complete access to all accessible data, as well as a partial denial of service. Successful attacks require human interaction from a person other than the attacker.

Recommendations For Oracle Outside In Technology version 8.5.3, consider restricting access to the Outside In Technology code until a patch is available, and ensure that any software using the Outside In Technology code does not pass unsanitized data received over a network directly to the Outside In Technology code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.