Main Vulnerability Database SB2018041909

SB2018041909 - Security restrictions bypass in Oracle Communications Applications

Published: April 19, 2018

Security Bulletin ID SB2018041909

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2018-2756)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Oracle Communications Order and Service Management component of Oracle Communications Applications due to improper security restrictions. A remote attacker can trick the victim into opening a specially crafted file, gain unauthorized access to critical data or complete access to all Oracle Communications Order and Service Management accessible data and unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data.

Remediation

Install update from vendor's website.

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html