PT-2018-15920 · Oracle · Oracle Application Object Library+1
Published
2018-07-18
·
Updated
2024-02-15
·
CVE-2018-2934
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle E-Business Suite version 12.1.3
Description
The issue affects the Oracle Application Object Library component, specifically the Attachments / File Upload subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks can result in unauthorized update, insert, or delete access to some of Oracle Application Object Library's accessible data.
Recommendations
For version 12.1.3, update to a version that includes a fix for this issue, as the current version is easily exploitable and can lead to significant data integrity impacts.
Fix
Improper Initialization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Application Object Library
Oracle E-Business Suite