Vulnerability Details : CVE-2018-3151

Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: E-Content Manager Catalog). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iProcurement. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iProcurement accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Publish Date : 2018-10-16 Last Update Date : 2019-10-02

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	5.0
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)
CWE ID	CWE id is not defined for this vulnerability

- Products Affected By CVE-2018-3151

#	Product Type	Vendor	Product	Version
1	Application	Oracle	Iprocurement	12.1.1	Version Details Vulnerabilities
2	Application	Oracle	Iprocurement	12.1.2	Version Details Vulnerabilities
3	Application	Oracle	Iprocurement	12.1.3	Version Details Vulnerabilities
4	Application	Oracle	Iprocurement	12.2.3	Version Details Vulnerabilities
5	Application	Oracle	Iprocurement	12.2.4	Version Details Vulnerabilities
6	Application	Oracle	Iprocurement	12.2.5	Version Details Vulnerabilities
7	Application	Oracle	Iprocurement	12.2.6	Version Details Vulnerabilities
8	Application	Oracle	Iprocurement	12.2.7	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Oracle	Iprocurement	8

- References For CVE-2018-3151

http://www.securitytracker.com/id/1041897
SECTRACK 1041897

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html CONFIRM

http://www.securityfocus.com/bid/105631
BID 105631 Oracle E-Business Suite Multiple Security Vulnerabilities Release Date:2018-10-16

- Metasploit Modules Related To CVE-2018-3151

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)