CVE-2018-2765Corporation Database Enterprise Edition vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.3%
top 19.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Corporation Database Enterprise EditionOracle Corporation Security ServiceOracle Security Service
Timeline
PublishedApr 19
Latest updateMay 13

Description

Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDoracle/security_service4 versions+3
CVEListV5oracle_corporation/security_service4 versions+3
CVEListV5oracle_corporation/database_enterprise_edition11.2.0.4, 12.1.0.2, 12.2.0.1+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-7wc4-63m9-f7j6: Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API)2022-05-13
CVEList
CVE-2018-2765: Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API)2018-04-19

📋Vendor Advisories

1
Oracle
Oracle Oracle Database Server Risk Matrix: Oracle SSL API — CVE-2018-27652020-10-15
CVE-2018-2765 — HIGH severity | cvebase