Main Vulnerability Database Vulnerabilities #VU11934

Security restrictions bypass in Oracle Application Object Library - CVE-2018-2804

Published: April 19, 2018

Vulnerability identifier: #VU11934

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-2804

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Application Object Library

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Oracle Application Object Library component of Oracle E-Business Suite due to improper security restrictions. A remote attacker can create, delete or modify critical data or all Oracle Application Object Library accessible data and gain unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data.

How to mitigate CVE-2018-2804

Install update from vendor's website.

Sources

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Security restrictions bypass in Oracle Application Object Library - CVE-2018-2804

Detailed vulnerability description

How to mitigate CVE-2018-2804

Sources

Please verify you're human