Main Vulnerability Database Vulnerabilities #VU11978

Security restrictions bypass in Oracle Financial Services Basel Regulatory Capital Basic - CVE-2018-2855

Published: April 19, 2018

Vulnerability identifier: #VU11978

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-2855

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Oracle Financial Services Basel Regulatory Capital Basic

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications due to improper security restrictions. A remote attacker can create, delete or modify critical data or all Oracle Financial Services Basel Regulatory Capital Basic accessible data and gain unauthorized access to critical data or complete access to all Oracle Financial Services Basel Regulatory Capital Basic accessible data.

How to mitigate CVE-2018-2855

Install update from vendor's website.

Sources

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Security restrictions bypass in Oracle Financial Services Basel Regulatory Capital Basic - CVE-2018-2855

Detailed vulnerability description

How to mitigate CVE-2018-2855

Sources

Please verify you're human