CVE-2018-2958

EPSS 2.1%

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 2.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

18 jul 2018Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).

Produtos afetados

Oracle Corporation · BI Publisher (formerly XML Publisher)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104767 http://www.securitytracker.com/id/1041310