SecurityTracker.com
Category:   Application (Generic)  >   Oracle Fusion Middleware
Vendors:   Oracle
Oracle Fusion Middleware Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges
SecurityTracker Alert ID:  1041310
SecurityTracker URL:  http://securitytracker.com/id/1041310
CVE Reference:   CVE-2018-2900, CVE-2018-2925, CVE-2018-2943, CVE-2018-2958, CVE-2018-2992, CVE-2018-3007, CVE-2018-3009, CVE-2018-3010, CVE-2018-3092, CVE-2018-3093, CVE-2018-3094, CVE-2018-3095, CVE-2018-3096, CVE-2018-3097, CVE-2018-3098, CVE-2018-3100, CVE-2018-3101, CVE-2018-3108, CVE-2018-3109
Date:  Jul 18 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Oracle Fusion Middleware. A remote user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system. A remote user can gain elevated privileges.

A remote user can exploit a flaw in the Oracle Fusion Middleware MapViewer Map Builder component to gain elevated privileges [CVE-2018-2943].

A remote user can exploit a flaw in the Oracle Business Process Management Suite Process Analysis & Discovery component to access and modify data [CVE-2018-3100].

A remote user can exploit a flaw in the Oracle Tuxedo Core component to access data [CVE-2018-3007].

A remote user can exploit a flaw in the BI Publisher BI Publisher Security component to partially access data and modify data [CVE-2018-2958].

A remote user can exploit a flaw in the BI Publisher Layout Tools component to partially access data and modify data [CVE-2018-2900].

A remote user can exploit a flaw in the Oracle Outside In Technology Outside In Filters component to access data and cause partial denial of service conditions [CVE-2018-2992, CVE-2018-3009, CVE-2018-3010, CVE-2018-3092, CVE-2018-3093, CVE-2018-3094, CVE-2018-3095, CVE-2018-3096, CVE-2018-3097, CVE-2018-3098, CVE-2018-3099, CVE-2018-3102, CVE-2018-3103, CVE-2018-3104].

A remote authenticated user can exploit a flaw in the BI Publisher Web Server component to access data [CVE-2018-2925].

A remote authenticated user can exploit a flaw in the Oracle Fusion Middleware MapViewer Map Builder component to access data [CVE-2018-3109].

A remote authenticated user can exploit a flaw in the Oracle Fusion Middleware Oracle Notification Service component to access data [CVE-2018-3108].

A remote user can exploit a flaw in the Oracle WebCenter Portal Portlet Services component to partially access data [CVE-2018-3101].

Jakub Palaczynski of ING Services Polska, Marcin Woloszyn of ING Services Polska, Bartlomiej Stasiek, Behzad Najjarpour Jabbari of Secunia Research at Flexera Software, Pawel Gocyla, and Matthew E. Fulton reported these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause denial of service conditions.

A remote user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix as part of the July 2018 Critical Patch Update.

The vendor advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC