Banking Payments
CVE-2018-3025
MEDIUM
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).
AnalysisAI
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.
Technical ContextAI
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). Affected products include: Oracle Banking Payments.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Banking Payments
View allinitDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attack
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally lead
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally lead
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop w
Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Rated
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. R
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today