Skip to main content

Banking Corporate Lending CVE-2018-2748

MEDIUM
2018-04-19 secalert_us@oracle.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 19, 2018 - 02:29 nvd
MEDIUM 6.1

DescriptionNVD

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

AnalysisAI

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Corporate Lending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Affected products include: Oracle Banking Corporate Lending, Oracle Banking Payments, Oracle Flexcube Enterprise Limits And Collateral Management, Oracle Flexcube Investor Servicing, Oracle Flexcube Universal Banking.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-3778 MEDIUM POC
6.5 Mar 07

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0

CVE-2018-2706 HIGH
8.8 Jan 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-3050 HIGH
8.1 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2707 HIGH
8.1 Jan 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2020-2718 HIGH
7.1 Jan 15

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2018-2746 HIGH
7.1 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2020-14894 MEDIUM
6.5 Oct 21

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2020-2716 MEDIUM
6.5 Jan 15

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2018-3040 MEDIUM
6.5 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2747 MEDIUM
6.5 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-3036 MEDIUM
6.3 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2895 MEDIUM
6.1 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

Share

CVE-2018-2748 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy