CVE-2018-2747
Summary
| CVE | CVE-2018-2747 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-19 02:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Banking Corporate Lending | 12.3.0 | All | All | All |
| Application | Oracle | Banking Corporate Lending | 12.4.0 | All | All | All |
| Application | Oracle | Banking Corporate Lending | 12.5.0 | All | All | All |
| Application | Oracle | Banking Corporate Lending | 14.0.0 | All | All | All |
| Application | Oracle | Banking Corporate Lending | 12.3.0 | All | All | All |
| Application | Oracle | Banking Corporate Lending | 12.4.0 | All | All | All |
| Application | Oracle | Banking Corporate Lending | 12.5.0 | All | All | All |
| Application | Oracle | Banking Corporate Lending | 14.0.0 | All | All | All |
| Application | Oracle | Banking Payments | 12.3.0 | All | All | All |
| Application | Oracle | Banking Payments | 12.4.0 | All | All | All |
| Application | Oracle | Banking Payments | 12.5.0 | All | All | All |
| Application | Oracle | Banking Payments | 14.0.0 | All | All | All |
| Application | Oracle | Banking Payments | 12.3.0 | All | All | All |
| Application | Oracle | Banking Payments | 12.4.0 | All | All | All |
| Application | Oracle | Banking Payments | 12.5.0 | All | All | All |
| Application | Oracle | Banking Payments | 14.0.0 | All | All | All |
| Application | Oracle | Flexcube Enterprise Limits And Collateral Management | 12.3.0 | All | All | All |
| Application | Oracle | Flexcube Enterprise Limits And Collateral Management | 14.0.0 | All | All | All |
| Application | Oracle | Flexcube Enterprise Limits And Collateral Management | 12.3.0 | All | All | All |
| Application | Oracle | Flexcube Enterprise Limits And Collateral Management | 14.0.0 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.0.4 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.1.0 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.3.0 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.4.0 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.0.4 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.1.0 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.3.0 | All | All | All |
| Application | Oracle | Flexcube Investor Servicing | 12.4.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 11.3.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 11.4.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.0.1 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.0.2 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.0.3 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.1.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.2.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.3.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.4.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 14.0.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 11.3.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 11.4.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.0.1 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.0.2 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.0.3 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.1.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.2.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.3.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 12.4.0 | All | All | All |
| Application | Oracle | Flexcube Universal Banking | 14.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update - April 2018 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| Multiple Oracle Financial Services Applications Multiple Remote Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle Financial Services Applications Flaws Let Remote Users Access and Modify Data and Gain Elevated Privileges on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.