Enterprise Manager Ops Center
CVE-2018-2976
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). The supported version that is affected is 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
AnalysisAI
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). The supported version that is affected is 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). Affected products include: Oracle Enterprise Manager Ops Center.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denia
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directiv
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from t
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execu
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8)
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow app
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.4
XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerabili
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today