Communications Convergence
CVE-2018-2936
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Web Client). The supported version that is affected is 3.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Messaging Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Messaging Server accessible data as well as unauthorized read access to a subset of Oracle Communications Messaging Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
AnalysisAI
Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Web Client). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
Vulnerability in the Oracle Communications Messaging Server component of Oracle Communications Applications (subcomponent: Web Client). The supported version that is affected is 3.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Messaging Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Messaging Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Messaging Server accessible data as well as unauthorized read access to a subset of Oracle Communications Messaging Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Affected products include: Oracle Communications Convergence.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Communications Convergence
View allAn issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulne
A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain
Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin C
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "/
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resulta
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for a
Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Ma
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today