Input validation error in Identity Manager - CVE-2018-3179

 


Published: October 17, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU36510
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-3179
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Oracle
Affected software: Identity Manager

Detailed vulnerability description

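The vulnerability allows a remote non-authenticated attacker to gain unauthorized read access to a subset of Oracle Identity Manager accessible data and to cause a partial denial of service.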

The vulnerability exists in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). The affected supported versions are 11.1.2.3.0 and 12.2.1.3.0. The vulnerability is easily exploitable and allows an unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks can result in unauthorized read access to a subset of Oracle Identity Manager accessible data and an unauthorized ability to cause a partial denial of service (partial DoS) of Oracle Identity Manager. CVSS 3.0 Base Score 7.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L).


How to mitigate CVE-2018-3179

Install the update from the vendor's website.
