CVE-2018-3167

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7

Description The issue is related to the Application Management Pack for Oracle E-Business Suite component, specifically the User Monitoring subcomponent. It allows an unauthenticated attacker with network access via HTTP to compromise the Application Management Pack for Oracle E-Business Suite, resulting in unauthorized read access to a subset of accessible data. The vulnerability is related to errors in access control.

Recommendations For versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.