CVE-2018-3246

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/105628	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041896	Third Party Advisory VDB Entry
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:banking_platform:2.6.0:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.1:::::::*
	cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:communications_converged_application_server::::::::
	cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::
	cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:::::::*
	cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:::::::*
	cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:::::::*
	cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:::::::*
	cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:::::::*
	cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:::::::*
	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3:::::::*
	cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*

History

No history.

Information

Published : 2018-10-17 01:31

Updated : 2023-12-10 12:44

NVD link : CVE-2018-3246

Mitre link : CVE-2018-3246

CVE.ORG link : CVE-2018-3246

JSON object : View

Products Affected

oracle

communications_converged_application_server
business_process_management_suite
enterprise_repository
weblogic_server
retail_convenience_and_fuel_pos_software
banking_platform
communications_webrtc_session_controller
utilities_network_management_system
webcenter_portal

CWE

NVD-CWE-noinfo

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-3246

7.5^/10

5.0^/10

Attach tags to `CVE-2018-3246`