CVE-2018-2874 — Corporation Application Object Library vulnerability

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 65.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Application Object Library Oracle E-business Suite

Timeline

PublishedApr 19

Latest updateMay 13

Description

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object …

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 0.7 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5oracle_corporation/application_object_library12.1.3

▶NVDoracle/e-business_suite12.1.3

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-mp9r-g5gq-fwfp: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging)↗2022-05-13

▶

CVEList

CVE-2018-2874: Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging)↗2018-04-19

▶