CVE-2018-3246
Summary
| CVE | CVE-2018-3246 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-17 01:31:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Banking Platform | 2.6.0 | All | All | All |
| Application | Oracle | Banking Platform | 2.6.1 | All | All | All |
| Application | Oracle | Banking Platform | 2.6.2 | All | All | All |
| Application | Oracle | Business Process Management Suite | 11.1.1.9.0 | All | All | All |
| Application | Oracle | Business Process Management Suite | 12.1.3.0.0 | All | All | All |
| Application | Oracle | Business Process Management Suite | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Communications Converged Application Server | All | All | All | All |
| Application | Oracle | Communications Webrtc Session Controller | All | All | All | All |
| Application | Oracle | Enterprise Repository | 12.1.3.0.0 | All | All | All |
| Application | Oracle | Retail Convenience And Fuel Pos Software | 2.8.1 | All | All | All |
| Application | Oracle | Utilities Network Management System | 1.12.0.3 | All | All | All |
| Application | Oracle | Utilities Network Management System | 2.3.0.0 | All | All | All |
| Application | Oracle | Utilities Network Management System | 2.3.0.1 | All | All | All |
| Application | Oracle | Utilities Network Management System | 2.3.0.2 | All | All | All |
| Application | Oracle | Webcenter Portal | 11.1.1.9.0 | All | All | All |
| Application | Oracle | Webcenter Portal | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Weblogic Server | 12.1.3.0.0 | All | All | All |
| Application | Oracle | Weblogic Server | 12.2.1.3 | All | All | All |
| Application | Oracle | Weblogic Server | 12.2.1.3.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle WebLogic Server CVE-2018-3246 Remote Security Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update - January 2019 | CONFIRM | www.oracle.com | Patch |
| CPU Oct 2018 | CONFIRM | www.oracle.com | Patch, Vendor Advisory |
| Oracle WebLogic Server Multiple Bugs Let Remote Users Gain Elevated Privileges, Access Data, and Partially Modify Data - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.