CVE-ID |
CVE-2018-3099
|
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
|
Description |
Vulnerability in the Oracle Outside In Technology component of Oracle
Fusion Middleware (subcomponent: Outside In Filters). The supported
version that is affected is 8.5.3. Easily exploitable vulnerability
allows unauthenticated attacker with network access via HTTP to
compromise Oracle Outside In Technology. Successful attacks require
human interaction from a person other than the attacker. Successful
attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all Oracle Outside In Technology
accessible data and unauthorized ability to cause a partial denial of
service (partial DOS) of Oracle Outside In Technology. Note: Outside
In Technology is a suite of software development kits (SDKs). The
protocol and CVSS score depend on the software that uses the Outside
In Technology code. The CVSS score assumes that the software passes
data received over a network directly to Outside In Technology code,
but if data is not received over a network the CVSS score may be
lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability
impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).
|
References |
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
|
|
Assigning CNA |
Oracle |
Date Entry Created |
20171215 |
Disclaimer: The entry creation date may reflect when
the CVE ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
|
Phase (Legacy) |
Assigned (20171215) |
Votes (Legacy) |
|
Comments (Legacy) |
|
Proposed (Legacy) |
N/A |
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. |
|
For More Information: cve@mitre.org
|