CVE-2018-2720 : Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applicat

Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Published 2018-01-18 02:29:25

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Vulnerability category: Bypass

Exploit prediction scoring system (EPSS) score for CVE-2018-2720

Probability of exploitation activity in the next 30 days: 0.10%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 40 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-2720

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:N	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
8.1	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N	2.8	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: None

References for CVE-2018-2720

http://www.securityfocus.com/bid/102655

Oracle Financial Services Liquidity Risk Management CVE-2018-2720 Remote Security Vulnerability
Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Oracle Critical Patch Update - January 2018
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1040214

Oracle Financial Services Applications Multiple Bugs Let Remote Users Access and Modify Data and Remote Authenticated Users Deny Service and Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2018-2720

Oracle » Financial Services Liquidity Risk Management » Version: 8.0.4.0.0
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Financial Services Liquidity Risk Management » Version: 8.0.3.0.0
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.3.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Financial Services Liquidity Risk Management » Version: 8.0.2.0.0
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Financial Services Liquidity Risk Management » Version: 8.0.1.0.0
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.1.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Financial Services Liquidity Risk Management » Version: 8.0.5.0.0
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Financial Services Liquidity Risk Management » Version: 8.0.0.1.0
cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2018-2720

Exploit prediction scoring system (EPSS) score for CVE-2018-2720

CVSS scores for CVE-2018-2720

References for CVE-2018-2720

Products affected by CVE-2018-2720