Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-3215

Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Endeca Information Discovery Integrator. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Endeca Information Discovery Integrator accessible data as well as unauthorized read access to a subset of Oracle Endeca Information Discovery Integrator accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).

Published

2018-10-17T01:31:23.603

Last Modified

2024-11-21T04:05:27.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

4.9

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application oracle endeca_information_discovery_integrator 3.1.0 Yes
Application oracle endeca_information_discovery_integrator 3.2.0 Yes
References