mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
181 lines
6.4 KiB
JSON
181 lines
6.4 KiB
JSON
{
|
|
"id": "CVE-2018-2954",
|
|
"sourceIdentifier": "secalert_us@oracle.com",
|
|
"published": "2018-07-18T13:29:03.053",
|
|
"lastModified": "2024-11-21T04:04:49.920",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Vulnerability in the Oracle Order Management component of Oracle E-Business Suite (subcomponent: Product Diagnostic Tools). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Order Management executes to compromise Oracle Order Management. Successful attacks of this vulnerability can result in takeover of Oracle Order Management. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad en el componente Oracle Order Management de Oracle E-Business Suite (subcomponente: Product Diagnostic Tools). Las versiones compatibles que se han visto afectadas son la 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 y la 12.2.7. Una vulnerabilidad dif\u00edcilmente explotable permite que un atacante con un bajo nivel de privilegios y con permisos de inicio de sesi\u00f3n en la infraestructura en la que se ejecuta Oracle Order Management comprometa la seguridad de Oracle Order Management. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle Order Management. CVSS 3.0 Base Score 7.0 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.0,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.0,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 4.4,
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 3.4,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7C890197-8DE6-4F5F-A711-1148779D612A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "777FF4BF-E290-4EDB-AEF6-2D0AFE4E0FD7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DAE82704-C50D-4FD7-96EF-85A09239426E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5FCF902F-8A86-47DC-935F-FE1634F9649C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.2.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "49D43985-5019-4154-9FD3-094305B71E5A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.2.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A96732A1-05C9-461B-95AC-7205840CF525"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.2.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46779BBB-C23D-44E8-B351-C5553F644666"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:oracle:order_management:12.2.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3CDB1333-CD13-4B12-B503-3A9A2955B228"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
|
|
"source": "secalert_us@oracle.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/104834",
|
|
"source": "secalert_us@oracle.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1041309",
|
|
"source": "secalert_us@oracle.com",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/104834",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1041309",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
}
|
|
]
|
|
} |