Skip to main content

Banking Corporate Lending CVE-2018-3036

MEDIUM
2018-07-18 secalert_us@oracle.com
6.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Jul 18, 2018 - 13:29 nvd
MEDIUM 6.3

DescriptionNVD

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

AnalysisAI

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Affected products include: Oracle Banking Corporate Lending.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-3778 MEDIUM POC
6.5 Mar 07

Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0

CVE-2018-2706 HIGH
8.8 Jan 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-3050 HIGH
8.1 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2707 HIGH
8.1 Jan 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2020-2718 HIGH
7.1 Jan 15

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2018-2746 HIGH
7.1 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2020-14894 MEDIUM
6.5 Oct 21

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2020-2716 MEDIUM
6.5 Jan 15

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core

CVE-2018-3040 MEDIUM
6.5 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2747 MEDIUM
6.5 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2895 MEDIUM
6.1 Jul 18

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

CVE-2018-2748 MEDIUM
6.1 Apr 19

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent:

Share

CVE-2018-3036 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy