PT-2018-15879 · Oracle · Oracle General Ledger+1

Published

2018-04-19

Updated

2019-10-03

CVE-2018-2866

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7

Description The issue affects the Consolidation Hierarchy Viewer subcomponent of Oracle General Ledger, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. This can result in unauthorized read access to a subset of Oracle General Ledger accessible data.

Recommendations For versions 12.1.1, 12.1.2, 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-2866

Affected Products

Oracle E-Business Suite

Oracle General Ledger

PT-2018-15879 · Oracle · Oracle General Ledger+1

CVE-2018-2866

Related Identifiers

Affected Products

References · 5